I did it by giving the application that revokes and deletes its own cert to use and authorized it. I suspect delete might not be allowed by default.

I wrote our method up here, https://ask.puppetlabs.com/question/3347/revoke-and-delete-cert-via-the-rest-api/

Ramin

On 4/25/2014 2:09 PM, Matthew Nicholson wrote:
I'm looking to emulate "puppet cert clean <certname>" via the REST API...

Up until now our puppet CA has lived on the same host as our cobbler
installation, letting me have triggers in cobbler to clean certs when we
rebuild hosts.  It's been VERY handy.

Now we're splitting the two up, and I'm looking to do the same via the
REST API, to avoid some ssh-via-key-hackery.


I can revoke a cert seemingly fine:
matt at Matthews-iMac in ~
$ curl -k -X PUT -H "Content-Type: text/pson" \
    --data '{"desired_state":"revoked"}' \
    "https://provisions:8140/production/certificate_status/<CERTNAME>"
null%

(I then check and see that cert as revoked)

But then trying to actually delete the cert (so that the client can
regenerate and be autosigned when it does its first run, which we do IN
kickstart) fails:

matt at Matthews-iMac in ~
$ curl -k -X DELETE -H "Accept: pson" \
    https://provisions:8140/production/certificate_status/CERTNAME
{"stacktrace":["/usr/lib/ruby/site_ruby/1.8/puppet/network/http/route.rb:72:in
`process'","/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:63:in
`process'","/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler/none.rb:6:in 
`profile'","/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler.rb:43:in
`profile'","/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:61:in
`process'","/usr/lib/ruby/site_ruby/1.8/puppet/network/http/rack.rb:21:in 
`call'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/rack/request_handler.rb:96:in
`process_request'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_request_handler.rb:513:in
`accept_and_process_next_request'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_request_handler.rb:274:in
`main_loop'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/rack/application_spawner.rb:205:in
`start_request_handler'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/rack/application_spawner.rb:170:in
`send'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/rack/application_spawner.rb:170:in
`handle_spawn_application'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/utils.rb:479:in
`safe_fork'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/rack/application_spawner.rb:165:in
`handle_spawn_application'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server.rb:357:in
`__send__'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server.rb:357:in
`server_main_loop'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server.rb:206:in
`start_synchronously'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server.rb:180:in
`start'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/rack/application_spawner.rb:128:in
`start'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/spawn_manager.rb:253:in
`spawn_rack_application'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server_collection.rb:132:in
`lookup_or_add'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/spawn_manager.rb:246:in
`spawn_rack_application'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server_collection.rb:82:in
`synchronize'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server_collection.rb:79:in
`synchronize'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/spawn_manager.rb:244:in
`spawn_rack_application'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/spawn_manager.rb:137:in
`spawn_application'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/spawn_manager.rb:275:in
`handle_spawn_application'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server.rb:357:in
`__send__'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server.rb:357:in
`server_main_loop'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/lib/phusion_passenger/abstract_server.rb:206:in
`start_synchronously'","/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.7/helper-scripts/passenger-spawn-server:99"],"issue_kind":"RUNTIME_ERROR","message":"Server
Error: undefined method `each' for nil:NilClass"}%


our passenger setup isn't anything exotic...

Anyone have any thoughts/ideas? I'll also take implementation ideas for
how to do this from a remote system (just one), in other ways...


--
Matthew Nicholson

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com
<mailto:puppet-users+unsubscr...@googlegroups.com>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CA%2BnEbkYj4q4K3stdvHO2OaT9MWc1A%2Bg%3DtZ%2BLkkyG6hRMgOFrBQ%40mail.gmail.com
<https://groups.google.com/d/msgid/puppet-users/CA%2BnEbkYj4q4K3stdvHO2OaT9MWc1A%2Bg%3DtZ%2BLkkyG6hRMgOFrBQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.
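
The revoke-then-delete sequence from this thread, written as an added example (not code from either poster or from Puppet) that authenticates with the caller's own client certificate instead of `curl -k`, as the reply describes. CA_URL, SSL_DIR, CLIENT and the file layout under the ssldir are assumptions; the client certificate must already be authorized on the CA for certificate_status.

```shell
#!/bin/sh
# Assumed placeholders; override from the environment for a real CA.
CA_URL="${CA_URL:-https://provisions:8140/production}"
SSL_DIR="${SSL_DIR:-/var/lib/puppet/ssl}"        # assumed ssldir
CLIENT="${CLIENT:-provisioner.example.com}"      # hypothetical caller certname

valid_certname() {
  # Accept only hostname characters so the name cannot alter the URL path.
  case "$1" in
    ''|.*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

ca_request() {
  # $1 = HTTP method, $2 = certname, remaining args = extra curl options.
  # Verifies the CA against ca.pem and presents the client cert and key.
  # Prints only the HTTP status code; the response body is discarded.
  method=$1; name=$2; shift 2
  curl -s -o /dev/null -w '%{http_code}' \
    --cacert "$SSL_DIR/certs/ca.pem" \
    --cert "$SSL_DIR/certs/$CLIENT.pem" \
    --key "$SSL_DIR/private_keys/$CLIENT.pem" \
    -X "$method" "$@" "$CA_URL/certificate_status/$name"
}

puppet_cert_clean() {
  valid_certname "$1" || { echo "invalid certname: $1" >&2; return 2; }
  # Step 1: revoke. Stop here if the CA refuses, so nothing is deleted unrevoked.
  code=$(ca_request PUT "$1" -H 'Content-Type: text/pson' \
           --data '{"desired_state":"revoked"}') || return 1
  case "$code" in 2??) ;; *) echo "revoke failed: HTTP $code" >&2; return 1 ;; esac
  # Step 2: delete, so the rebuilt host can submit a fresh request.
  code=$(ca_request DELETE "$1" -H 'Accept: pson') || return 1
  case "$code" in 2??) ;; *) echo "delete failed: HTTP $code" >&2; return 1 ;; esac
}
```

Call it as `puppet_cert_clean <certname>` from the provisioning trigger; a non-zero return means the CA rejected one of the two steps or the name was refused locally.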
