[PUP-9108] Update `node clean` to not rely on the CA face Created: 2018/09/05 Updated: 2018/09/19 Resolved: 2018/09/17
|Fix Version/s:||PUP 6.0.0|
|Reporter:||Maggie Dreyer||Assignee:||Maggie Dreyer|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Release Notes:||New Feature|
|Release Notes Summary:||The `puppet node clean` command will now go through Puppet Server's CA API to clean up certs for a given node. This will help avoid issues where multiple entities attempt to revoke certs at once, since all of these updates are now funneled through the API, which handles concurrent requests correctly. See https://tickets.puppetlabs.com/browse/SERVER-115.|
|QA Risk Assessment:||Needs Assessment|
We are removing CA-related faces in Puppet 6, and the puppet node clean command relies on one of them. We should update its cert cleaning functionality to use the puppetserver-ca gem instead.
Question: should that gem be considered a runtime dependency for the puppet gem, or should we only expect this functionality to work when there is a puppetserver package present?
|Comment by Kenn Hussey [ 2018/09/12 ]|
Maggie Dreyer please provide release notes for this issue if needed, thanks!
|Comment by Scott Garman [ 2018/09/17 ]|
Since we had a green run of CI puppet-agent 6.0.0 last night, I'm bulk-changing these issues from Ready for CI -> Resolved in preparation of the release.