Puppet / PUP-8736

/opt/puppetlabs contains device ssldir(s) normally in /etc/puppetlabs

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.4.4, PUP 6.8.0
    • Component/s: None
    • Environment:

      The user manages devices.

      The proxy Puppet agent is the master.

      The user executes a full backup and restore.

    • Template:
    • Acceptance Criteria:
      ssl certificates and keys for devices are not lost when executing a backup and restore
    • Team:
      Night's Watch
    • Story Points:
      3
    • Sprint:
      PR - 2019-06-12, PR - 2019-06-25, PR - 2019-07-10, PR - 2019-07-23, NW - 2019-08-07
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Prior to this change, Puppet device certificates were stored under the cache directory. When the proxy Puppet agent for a device is the master, and the user executes a backup and restore (manually, or as automated in OpsWorks), the certificate and keys are lost, requiring certificate regeneration for those devices.

      This fix moves the device certificate directory to a persistent path, leaving the old path as a symbolic link for compatibility purposes.

      If you are using the `device_manager` module to manage your devices, please make sure to upgrade to 3.0.1 or later to avoid a bug deleting certificates from their new location.
    • QA Risk Assessment:
      Needs Assessment

      Description

      devicedir (the root directory of devices) is a combination of /etc and /opt:

      /opt/puppetlabs/puppet/cache/devices/*/
       
        clientbucket
        client_data
        client_yaml
        facts.d
        lib
        locales
        preview
        ssl
        state
       
      /opt/puppetlabs/puppet/cache/
       
        clientbucket
        client_data
        client_yaml
        facts.d
        lib
        locales
        preview
        state
       
      /etc/puppetlabs/puppet/
       
        ssl
      

      When the proxy Puppet agent for a device is the master, and the user executes a backup and restore (manually, or as automated in OpsWorks), the certificate and keys in the ssldir in each devicedir are lost, requiring certificate regeneration for those devices.

      We should either:

      • Add these device ssldir directories to our backup model
      • Move these device ssldir directories to /etc/puppetlabs
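
An added example, not part of the ticket or of Puppet's own code: a POSIX shell check that classifies each device's `ssl` directory under the cache path shown above, so an operator can see before a backup which device certificates and keys still live only inside the cache. The function name and the status labels are hypothetical, and because the ticket does not name the new persistent path, the check only tests whether `ssl` resolves to a location outside the cache.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Puppet code).
# Usage after sourcing this file: audit_device_ssldirs [CACHE_DIR]
# Prints "<device><TAB><status>" per device; returns 0 only if all are relocated.
audit_device_ssldirs() {
    cache=${1:-/opt/puppetlabs/puppet/cache}   # default is the path from the ticket
    # Physical path of the cache, so resolved symlink targets can be compared to it.
    cache_real=$(cd "$cache" 2>/dev/null && pwd -P) || {
        echo "cache directory not found: $cache" >&2
        return 2
    }
    rc=0
    for dev in "$cache_real"/devices/*/; do
        [ -d "$dev" ] || continue              # glob matched nothing
        name=$(basename "$dev")
        ssl=${dev%/}/ssl
        if [ -L "$ssl" ] && [ ! -e "$ssl" ]; then
            status=dangling                    # link is present, its target is gone
        elif [ ! -d "$ssl" ]; then
            status=missing                     # no ssl directory for this device
        else
            target=$(cd "$ssl" && pwd -P)      # follow symlinks to the real location
            case $target/ in
                "$cache_real"/*) status=in-cache ;;   # lost if the cache is not backed up
                *)               status=relocated ;;  # stored outside the cache
            esac
        fi
        [ "$status" = relocated ] || rc=1
        printf '%s\t%s\n' "$name" "$status"
    done
    return $rc
}
```

A `dangling` result after a restore means the compatibility symlink came back but the certificate directory it points to did not.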


              People

              • Assignee:
                gabriel.nagy Gabriel Nagy
                Reporter:
                tom.kishel Thomas Kishel