Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-2786

`puppet cert list ca` returns an error on a working puppet installation

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: PUP 2.7.23, PUP 3.4.3, PUP 3.6.2
    • Fix Version/s: PUP 6.0.0
    • Component/s: None
    • Labels:
    • Template:
      PUP Bug Template
    • Team:
      Platform Core
    • Release Notes:
      Not Needed

      Description

      PE 2.8.3

      [root@master283-centos ~]# puppet --version
      2.7.23 (Puppet Enterprise 2.8.3)
      [root@master283-centos ~]# puppet cert list ca
      err: Could not call list: undefined method `subject_alt_names' for nil:NilClass
      undefined method `subject_alt_names' for nil:NilClass
      

      PE3.2

      [root@master323-centos ~]# puppet --version
      3.4.3 (Puppet Enterprise 3.2.3)
      [root@master323-centos ~]# puppet cert list ca --trace
      Error: undefined method `subject_alt_names' for nil:NilClass
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority/interface.rb:105:in `format_host'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority/interface.rb:92:in `block (2 levels) in list'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority/interface.rb:91:in `each'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority/interface.rb:91:in `map'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority/interface.rb:91:in `block in list'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority/interface.rb:88:in `map'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority/interface.rb:88:in `list'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority/interface.rb:23:in `apply'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application/cert.rb:274:in `apply'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application/cert.rb:219:in `main'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:372:in `run_command'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:364:in `block (2 levels) in run'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:470:in `plugin_hook'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:364:in `block in run'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/util.rb:478:in `exit_on_fail'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:364:in `run'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/util/command_line.rb:137:in `run'
      /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/util/command_line.rb:91:in `execute'
      /opt/puppet/bin/puppet:4:in `<main>'
      

      Interestingly enough if I clean the ca certificate then it doesn't return an error.

      [root@master323-centos ~]# puppet cert clean ca
      Notice: Revoked certificate with serial 1
      Notice: Removing file Puppet::SSL::Certificate ca at '/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem'
      Notice: Removing file Puppet::SSL::Certificate ca at '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
      Notice: Removing file Puppet::SSL::Key ca at '/etc/puppetlabs/puppet/ssl/ca/ca_key.pem'
      [root@master323-centos ~]# puppet cert list ca
      Notice: Signed certificate request for ca
      - "ca" (SHA256) FC:A4:DA:15:6D:DB:ED:02:23:73:AC:8F:92:3E:32:73:41:CD:A0:EF:6E:4F:AC:4E:82:91:03:48:F8:F9:C2:2A (CRL signature failure)
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            nick.walker Nick Walker
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support