[PUP-9108] Update `node clean` to not rely on the CA face Created: 2018/09/05  Updated: 2018/09/19  Resolved: 2018/09/17

Status: Closed
Project: Puppet
Component/s: None
Affects Version/s: None
Fix Version/s: PUP 6.0.0

Type: Task Priority: Normal
Reporter: Maggie Dreyer Assignee: Maggie Dreyer
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relates to PUP-8998 Remove Faces related to CA and certif... Closed
Acceptance Criteria:
  • puppet node clean no longer relies on any CA faces
Team: Froyo
Release Notes: New Feature
Release Notes Summary: The `puppet node clean` command will now go through Puppet Server's CA API to clean up certs for a given node. This will help avoid issues where multiple entities attempt to revoke certs at once, since all of these updates are now funneled through the API, which handles concurrent requests correctly. See https://tickets.puppetlabs.com/browse/SERVER-115.
QA Risk Assessment: Needs Assessment


We are removing CA-related faces in Puppet 6, and the puppet node clean command relies on one of them. We should update its cert cleaning functionality to use the puppetserver-ca gem instead.

Question: should that gem be considered a runtime dependency for the puppet gem, or should we only expect this functionality to work when there is a puppetserver package present?

Comment by Kenn Hussey [ 2018/09/12 ]

Maggie Dreyer please provide release notes for this issue if needed, thanks!

Comment by Scott Garman [ 2018/09/17 ]

Since we had a green run of CI puppet-agent 6.0.0 last night, I'm bulk-changing these issues from Ready for CI -> Resolved in preparation of the release.

Generated at Sun May 31 20:49:03 PDT 2020 using Jira 8.5.2#805002-sha1:a66f9354b9e12ac788984e5d84669c903a370049.