[PUP-8503] Agent SSL CLI Created: 2018/02/28  Updated: 2018/09/25  Due: 2018/06/13  Resolved: 2018/09/19

Status: Closed
Project: Puppet
Component/s: None
Affects Version/s: None
Fix Version/s: PUP 6.0.0

Type: Epic Priority: Critical
Reporter: Josh Cooper Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
blocks PUP-3649 Delete old cert CLI tools from codebase Closed
relates to PUP-6828 Simplify agent SSL initialization Closed
Epic Name: Ruby SSL CLI
QA Risk Assessment: Needs Assessment


Create a new puppet application for managing agent keys, CSR and certificates. It should not rely on the indirector to make network requests.

This epic should leverage the work done in PUP-6828 (to simplify agent SSL initialization).

Comment by Maggie Dreyer [ 2018/07/30 ]

Yes, these tickets comprise most of our next-up work. The related epic I will have to pick through, my guess is some of it is getting cleaned up along the way, and some might be deferred/closed.

Comment by Josh Cooper [ 2018/07/30 ]

Maggie Dreyer I think there is a set of tickets around an application for managing the SSL client lifecycle, (re)generating csr, downloading ca bundles, etc. I've been reserving puppet ssl (see https://github.com/puppetlabs/puppet/pull/6175) for that purpose.

And there's a set of tickets around reworking puppet's certificate and ssl subsystems to not have global state, not use the indirector, etc. For example, fixing Puppet::SSL::Host. Let's sync up on that this week.

Comment by Maggie Dreyer [ 2018/07/30 ]

puppet ssl works for me as an agent-side subcommand.

A lot of the indirector stuff has already been removed from SSL::Host, but not all of it. Doing the rest seems like a good idea, and probably not terribly difficult. Also strikes me as something we could do post-Puppet 6.0 if we needed to.

Comment by Kenn Hussey [ 2018/09/19 ]

Maggie Dreyer can we close out this epic now that Puppet 6 has shipped (and maybe moved remaining items out)?

Generated at Sat Aug 08 23:52:50 PDT 2020 using Jira 8.5.2#805002-sha1:a66f9354b9e12ac788984e5d84669c903a370049.