  1. Puppet
  2. PUP-8736

/opt/puppetlabs contains device ssldir(s) normally in /etc/puppetlabs

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • PUP 6.4.4, PUP 6.8.0
    • None
    • The user manages devices.

      The proxy Puppet agent is the master.

      The user executes a full backup and restore.

    • ssl certificates and keys for devices are not lost when executing a backup and restore
    • Night's Watch
    • 3
    • PR - 2019-06-12, PR - 2019-06-25, PR - 2019-07-10, PR - 2019-07-23, NW - 2019-08-07
    • Bug Fix
    • Prior to this change, Puppet device certificates were stored under the cache directory. When the proxy Puppet agent for a device is the master, and the user executes a backup and restore (manually, or as automated in OpsWorks), the certificate and keys are lost, requiring certificate regeneration for those devices.

      This fix moves the device certificate directory to a persistent path, leaving the old path as a symbolic link for compatibility purposes.

      If you are using the `device_manager` module to manage your devices, please make sure to upgrade to 3.0.1 or later to avoid a bug deleting certificates from their new location.
    • Needs Assessment

    Description

      devicedir (the root directory of devices) is a combination of /etc and /opt:

      /opt/puppetlabs/puppet/cache/devices/*/
       
        clientbucket
        client_data
        client_yaml
        facts.d
        lib
        locales
        preview
        ssl
        state
       
      /opt/puppetlabs/puppet/cache/
       
        clientbucket
        client_data
        client_yaml
        facts.d
        lib
        locals
        preview
        state
       
      /etc/puppetlabs/puppet/
       
        ssl
      

      When the proxy Puppet agent for a device is the master, and the user executes a backup and restore (manually, or as automated in OpsWorks), the certificate and keys in the ssldir in each devicedir are lost, requiring certificate regeneration for those devices.

      We should either:

      • Add these device ssldir directories to our backup model
      • Move these device ssldir directories to /etc/puppetlabs
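
      A pre-backup check for the condition described above, as an added example that is not part of the original issue or of Puppet's own code: it classifies each device's ssl entry under the devices directory as a real directory inside the cache tree (lost if only /etc/puppetlabs is backed up), a symlink to an existing target (relocated), or a dangling symlink. The function names are hypothetical, the default path is the one listed in the description, and because the page does not state the new location the script only reports whatever target the symlink has.

```shell
#!/bin/sh
# Added example (not Puppet code). Function names are hypothetical.
# Default root is the cache path listed in the issue description.

# Prints one line per device directory: "<status> <device> [detail]"
#   at-risk  : ssl is a real directory under the cache tree
#   linked   : ssl is a symlink whose target exists (relocated)
#   dangling : ssl is a symlink whose target is missing
#   no-ssl   : the device directory has no ssl entry
audit_device_ssldirs() {
    root=${1:-/opt/puppetlabs/puppet/cache/devices}
    for dev in "$root"/*/; do
        [ -d "$dev" ] || continue            # glob matched nothing
        name=$(basename "$dev")
        ssl="${dev%/}/ssl"
        if [ -L "$ssl" ]; then
            if [ -e "$ssl" ]; then
                echo "linked $name -> $(readlink "$ssl")"
            else
                echo "dangling $name -> $(readlink "$ssl")"
            fi
        elif [ -d "$ssl" ]; then
            count=$(find "$ssl" -type f | wc -l | tr -d ' ')
            echo "at-risk $name $count file(s)"
        else
            echo "no-ssl $name"
        fi
    done
}

# Exit status 0 only when no device is at-risk or dangling,
# so it can gate a backup job.
device_ssldirs_backup_safe() {
    ! audit_device_ssldirs "$1" | grep -Eq '^(at-risk|dangling) '
}
```

      Calling `audit_device_ssldirs` with no argument checks the default path; pass a different devices directory as the first argument to check a restored copy.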

            People

              gabriel.nagy Gabriel Nagy
              tom.kishel Thomas Kishel