Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9108

Update `node clean` to not rely on the CA face

    Details

    • Type: Task
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.0.0
    • Component/s: None
    • Labels:
      None
    • Template:
    • Acceptance Criteria:
      • puppet node clean no longer relies on any CA faces
    • Team:
      Server
    • Release Notes:
      New Feature
    • Release Notes Summary:
      Hide
      The `puppet node clean` command will now go through Puppet Server's CA API to clean up certs for a given node. This will help avoid issues where multiple entities attempt to revoke certs at once, since all of these updates are now funneled through the API, which handles concurrent requests correctly. See https://tickets.puppetlabs.com/browse/SERVER-115.
      Show
      The `puppet node clean` command will now go through Puppet Server's CA API to clean up certs for a given node. This will help avoid issues where multiple entities attempt to revoke certs at once, since all of these updates are now funneled through the API, which handles concurrent requests correctly. See https://tickets.puppetlabs.com/browse/SERVER-115 .
    • QA Risk Assessment:
      Needs Assessment

      Description

      We are removing CA-related faces in Puppet 6, and the puppet node clean command relies on one of them. We should update its cert cleaning functionality to use the puppetserver-ca gem instead.

      Question: should that gem be considered a runtime dependency for the puppet gem, or should we only expect this functionality to work when there is a puppetserver package present?

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  maggie Maggie Dreyer
                  Reporter:
                  maggie Maggie Dreyer
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: