[PUP-6828] Simplify agent SSL initialization
Created: 2016/10/17  Updated: 2019/07/26  Resolved: 2019/07/26

Status: Closed
Project: Puppet
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Epic
Priority: Normal
Reporter: Adrien Thebo
Assignee: Unassigned
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relates to PUP-8503 Agent SSL CLI Closed
Epic Name: Simplify agent SSL initialization
Sprint: SE 2017-01-11, SE 2017-02-08, SE 2017-02-22


The Puppet X.509 PKI initialization logic is currently confusing, inconsistent, and buggy, due to the ad hoc nature of its implementation. The Puppet::SSL::Host class is responsible, either directly or indirectly, for fetching the CA certificate, CRL, RSA key pair, CSR, and certificate. This initialization is scattered across a number of functions and files, and is largely triggered by lazy methods. This structure makes it very hard to reason about or improve the PKI initialization process.

Comment by Maggie Dreyer [ 2018/10/02 ]

Josh Cooper I guess this is the epic we should groom as part of scoping the overhaul to the agent cert bootstrapping that we were talking about. Although we'll probably end up writing new tickets, some of the stuff in here could inform the route we take. I've taken a quick pass through here and moved a few things out.
