  1. Puppet
  2. PUP-5224

the no-client option has been removed, preventing key creation

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Won't Fix
    • Affects Version/s: PUP 4.2.1
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
      Description

      There are numerous reasons to acquire a key from a Puppet server, including:

      1. To create a code deployment key for invalidating the environment cache

      2. To create per-user keys used for MCollective authentication

      ...etc. Manually generating the key on the server and then copying the private key across the network to the node is not ideal for many reasons. In some situations the client would rather not have someone else possess their private key for any reason. The connect/authorize model works very well for this.

      The old process was:

      $ puppet agent --certname code-deployment --no-client --test
      blah blah generating key and connecting...
      ...wait for key to be signed on server...
      $ puppet agent --certname code-deployment --no-daemonize --no-client
      

      At this point you'd have a private key and a certificate signed by the Puppet CA without anyone else ever having a copy of the private key.

      Removal of the no-client mode makes this process much more difficult/annoying. Is there another way to accomplish this request that I am unaware of?

      If not, would you consider re-enabling this option or adding a feature to puppet cert to submit key requests to remote servers and then to retrieve the results?
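
The property the description relies on, that the CA signs a request without ever holding the private key, can be checked locally with openssl. This is an added example, not part of the original report and not Puppet's own code: a throwaway CA created on the spot stands in for the Puppet CA, and the function names, subjects and temporary paths are hypothetical.

```shell
#!/bin/sh
# Added example: a throwaway local CA stands in for the Puppet CA.
# Function names, subjects and temp paths are constructed for illustration.

make_csr() {            # client: $1 = dir, $2 = certname
    ( umask 077; openssl genrsa -out "$1/$2.key" 2048 2>/dev/null ) &&
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr"
}

sign_csr() {            # CA: $1 = CA dir, $2 = CSR in, $3 = cert out
    [ -f "$1/ca.key" ] || openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example CA" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl x509 -req -in "$2" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$3" 2>/dev/null
}

has_private_key() {     # succeeds if file $1 holds private key material
    grep -q 'PRIVATE KEY' "$1"
}

cert_matches_key() {    # client: $1 = key, $2 = cert, $3 = CA cert
    k=$(openssl pkey -in "$1" -pubout | openssl dgst -sha256) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl dgst -sha256) || return 1
    [ "$k" = "$c" ] && openssl verify -CAfile "$3" "$2" >/dev/null 2>&1
}

run_demo() {
    client=$(mktemp -d) && ca=$(mktemp -d) || return 1
    rc=1
    if make_csr "$client" code-deployment &&
       cp "$client/code-deployment.csr" "$ca/" &&          # only the CSR leaves
       sign_csr "$ca" "$ca/code-deployment.csr" "$ca/code-deployment.pem" &&
       cp "$ca/code-deployment.pem" "$ca/ca.pem" "$client/" &&  # cert comes back
       ! has_private_key "$ca/code-deployment.csr" &&
       cert_matches_key "$client/code-deployment.key" \
           "$client/code-deployment.pem" "$client/ca.pem"
    then rc=0; fi
    rm -rf "$client" "$ca"
    return $rc
}

run_demo && echo "certificate issued; private key never left the client dir"
```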

            People

            Assignee:
            Unassigned
            Reporter:
            jorhett Jo Rhett