I'm using Puppet 3.7.3 and I observe this strange behavior when using the
API to sign a certificate:
==> /var/log/apache.log <==
> Jun 28 17:18:07.000000 prod-puppetca apache: 127.0.0.1 prod-puppetca:8140
> - - [28/Jun/2015:17:18:03 +0000] "PUT
> /production/certificate_request/prod-clientbox HTTP/1.1" 200 1582 "-"
> "python-requests/2.7.0 CPython/2.7.6 Linux/3.13.0-46-generic"
>
> ==> /var/log/daemon.log <==
> Jun 28 17:18:03.000000 prod-puppetca puppet-master[27451]: prod-clientbox
> has a waiting certificate request
> Jun 28 17:18:07.000000 prod-puppetca puppet-master[27451]: Signed
> certificate request for prod-clientbox
> Jun 28 17:18:07.000000 prod-puppetca puppet-master[27451]: Removing file
> Puppet::SSL::CertificateRequest prod-clientbox at
> '/var/lib/puppet/ssl/ca/requests/prod-clientbox.pem'
For some reason a single PUT call to `certificate_request/` signs the CSR
and then also removes it!
Under normal circumstances (when the CSR does not get removed) I have a
follow up API call for `certificate_status/` with
{"desired_state":"signed"} passed in. However when the CSR is removed, this
no longer works because puppet refuses with the following message:
Cannot sign for host prod-clientbox without a certificate request
Why does the CSR get removed with the same API call that uploads it?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/252601bb-ba03-45c8-93cb-b10eb2a0a072%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
