Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9720

puppet agent --fingerprint is broken

    XMLWordPrintable

    Details

    • Template:
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      If the agent doesn't have a client cert yet, then `puppet agent --fingerprint` will now print the SHA256 digest of the certificate request (CSR) like it used to do in Puppet < 6.4. Note this the digest of the DER encoded certificate or CSR.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Prior to 6.4, puppet agent --fingerprint would print the hash of the client cert or client's CSR. In the process it would generate a private key, download the CA cert and CRL, attempt to download the client cert, and print the cert's fingerprint. If that failed it would attempt to load the client's CSR locally or retrieve the CSR from the server, and print its fingerprint.

      Note puppet agent --fingerprint never submitted the CSR, but it might seem to work if a previous agent run had already submitted the CSR, and either due to manual intervention or autosigning, the CSR is signed before puppet agent --fingerprint is run.

      In 6.4 the option doesn't work, because it's trying to pass onetime: true keyword arguments, which the state machine doesn't accept. It also doesn't print the hash of the CSR, which is important for things like PUP-9715.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              josh Josh Cooper
              Reporter:
              josh Josh Cooper
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support