Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-2018

`puppet certificate generate` Generates Two CSRs in One Run

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: PUP 3.4.3, PUP 3.7.1
    • Fix Version/s: PUP 4.6.1
    • Component/s: None
    • Labels:
    • Environment:

      One Puppet Master & separate CA server (both configured as below):
      CentOS 6.5 x86_64
      RVM - Ruby 2.0.0-p451
      Puppet installed via a Gem (3.4.3)
      VirtualBox VM

    • Template:
    • Story Points:
      3
    • Sprint:
      Client 2016-08-10, Client 2016-08-24
    • CS Priority:
      Reviewed
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      This fixes a bug in the `puppet certificate generate` command where it attempted to generate a CSR for the FQDN for the host when the same FQDN was provided as the remote.

      Description

      When I run the following on my Puppet Master:

      `puppet certificate generate --verbose --ca-location remote HOSTNAME`

      I receive the following:

      http://pastie.org/private/ackais1tdrc0lyjyekozxq

      The remote Puppet CA does successfully sign the request (autosign is configured), but the command will always exit 1 because of the second CSR creation (which is unnecessary).

      I have noticed that if the Puppet Master already has a CSR in its '*/ssl/certificate_requests/' directory, the command runs as expected:

      http://pastie.org/private/iueobgf93b8q0k4edmi56q

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  john.duarte John Duarte
                  Reporter:
                  Ginja Riley Shott
                • Votes:
                  3 Vote for this issue
                  Watchers:
                  20 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: