[SERVER-2345] puppetserver-ca generate does not work when autosign is true Created: 2018/10/02  Updated: 2018/11/06  Resolved: 2018/10/17

Status: Closed
Project: Puppet Server
Component/s: None
Affects Version/s: None
Fix Version/s: SERVER 5.3.6, SERVER 6.0.2

Type: Improvement Priority: Normal
Reporter: Justin Stoller Assignee: Maggie Dreyer
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Epic Link: Server CA CLI
Team: Froyo
QA Risk Assessment: Needs Assessment


The puppetserver ca generate action attempts to submit a CSR, sign a corresponding cert, download it the signed cert, and after downloading the signed cert write out the relevant files to disk. When autosign on the master is true the second call, the one that signs the cert will fail (the server will have already signed the cert and remove the CSR). Consequently there will be a signed cert on the CA but it will not be downloaded, the command will fail, and the keypair will not have been saved.

Comment by Justin Stoller [ 2018/10/02 ]

We probably want to save the key pair if the CSR submission is successful.
Don't know if we want to check to see if the cert was signed by the master before trying to sign it? Or try to sign it and then, if a 409, continue and try to download it?

Comment by Justin Stoller [ 2018/10/02 ]

This is a problem for our default docker images.

Comment by Maggie Dreyer [ 2018/10/11 ]

This needs a release of the gem and subsequent bumps in puppetserver.

Comment by Justin Stoller [ 2018/10/25 ]

Was released in puppetserver-ca gem 1.1.2 and will go out in the 5.5.7, 6.0.3, and the Irving and Johnson builds that use them.

Comment by Kenn Hussey [ 2018/10/30 ]

Justin Stoller is there a meaningful fix version for this?

Comment by Maggie Dreyer [ 2018/10/30 ]

I don't think we tagged the commits used to bump the gem with this ticket, but I added the fix version anyway.

Generated at Wed Sep 30 00:02:16 PDT 2020 using Jira 8.5.2#805002-sha1:a66f9354b9e12ac788984e5d84669c903a370049.