[PUP-9108] Update `node clean` to not rely on the CA face - Puppet Jira Server

XML

Word

Printable

Details

Type: Task
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PUP 6.0.0
Component/s: None
Labels:
None

Acceptance Criteria:
- puppet node clean no longer relies on any CA faces
Team:
Froyo

Release Notes:
New Feature
Release Notes Summary:

Hide
The `puppet node clean` command will now go through Puppet Server's CA API to clean up certs for a given node. This will help avoid issues where multiple entities attempt to revoke certs at once, since all of these updates are now funneled through the API, which handles concurrent requests correctly. See https://tickets.puppetlabs.com/browse/SERVER-115.

Show
The `puppet node clean` command will now go through Puppet Server's CA API to clean up certs for a given node. This will help avoid issues where multiple entities attempt to revoke certs at once, since all of these updates are now funneled through the API, which handles concurrent requests correctly. See https://tickets.puppetlabs.com/browse/SERVER-115 .

QA Risk Assessment:
Needs Assessment

Description

We are removing CA-related faces in Puppet 6, and the puppet node clean command relies on one of them. We should update its cert cleaning functionality to use the puppetserver-ca gem instead.

Question: should that gem be considered a runtime dependency for the puppet gem, or should we only expect this functionality to work when there is a puppetserver package present?

Attachments

Issue Links

relates to

PUP-8998 Remove Faces related to CA and certificate handling

Closed

Activity

People

Assignee:: Maggie Dreyer

Reporter:: Maggie Dreyer

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2018/09/05 2:25 PM

Updated:: 2018/09/19 12:37 PM

Resolved:: 2018/09/17 11:29 AM