Re: [Puppet Users] Re: Updates to CA command line interaction in Puppet 6

2019-05-24 Thread Evgenii Fedosov
Hi Maggie, I realized what the issue was once I posted it of course =) Thank you for your suggestion but unfortunately I've tried using puppet cert but the system says "This command is no longer functional, please use 'puppetserver ca' instead", that's why I was trying the latter initially. I f

Re: [Puppet Users] Re: Updates to CA command line interaction in Puppet 6

2019-05-24 Thread Maggie Dreyer
Hi Evgenii, The `puppetserver ca` command is only available starting in version 5.3.5 of Puppet Server, released last August. Puppet Server 2.8.1 is EOL (along with all of Platform 4) and is not receiving feature updates like this one. You should probably try to use the `puppet cert` command inste

[Puppet Users] Re: Updates to CA command line interaction in Puppet 6

2019-05-24 Thread Evgenii Fedosov
Hi Maggie, I'm curretly trying to use puppetserver ca commands on m puppetserver but getting the following error message: puppetserver: 'ca' is not a puppetserver command. See 'puppetserver --help' I've dug through a ton of information but none of it references this exact message. I'm using pup

Re: [Puppet Users] Re: Updates to CA command line interaction in Puppet 6

2018-10-15 Thread Mike Sharpton
Thanks, I wasted about 60 mins before finding this after monkeying about trying to fix my CA. Trying test upgrade from 4.2.2 to 6.0.1 in a split environment. Wish me luck. Thanks again! Mike On Monday, October 1, 2018 at 10:27:41 PM UTC-5, Simon Tideswell wrote: > > Hello Henri > > I suspect

Re: [Puppet Users] Re: Updates to CA command line interaction in Puppet 6

2018-10-01 Thread Simon Tideswell
Hello Henri I suspect you've already had this answered, but I just replaced the offending stanza ... *allow: {* * extensions: {* * pp_cli_auth: "true"* * }* *}* with *allow: "the.fqdn.of.my.puppetserver"* I actually have a number of Puppet servers serving different clients and s

Re: [Puppet Users] Re: Updates to CA command line interaction in Puppet 6

2018-09-28 Thread schomaecker
Thank you very much Maggie, 1) did the job the right way. Perfect :-) Yours Henri Am Donnerstag, 27. September 2018 18:19:37 UTC+2 schrieb Maggie Dreyer: > > Here are a few options that should work: > > 1) whitelist the master's certname (which is more secure than > allow-unauthenticated anyway

Re: [Puppet Users] Re: Updates to CA command line interaction in Puppet 6

2018-09-27 Thread Justin Stoller
On Thu, Sep 27, 2018 at 9:12 AM wrote: > Hi again, > > I also tried to set allow-unauthenticated: true for rule "puppetlabs cert > status" and that worked. > Now I was able to sign the csr. > Be aware, this is a very dangerous way to solve the problem. This will allow anyone with http access to

Re: [Puppet Users] Re: Updates to CA command line interaction in Puppet 6

2018-09-27 Thread Maggie Dreyer
Here are a few options that should work: 1) whitelist the master's certname (which is more secure than allow-unauthenticated anyway). See the example at the bottom of this section in the docs. 2) Another community member also created h

[Puppet Users] Re: Updates to CA command line interaction in Puppet 6

2018-09-27 Thread schomaecker
Hi again, I also tried to set allow-unauthenticated: true for rule "puppetlabs cert status" and that worked. Now I was able to sign the csr. And sorry, puppetserver ca list now also works. Yours Henri Am Donnerstag, 20. September 2018 00:58:06 UTC+2 schrieb Simon Tideswell: > > Hello > > I've

[Puppet Users] Re: Updates to CA command line interaction in Puppet 6

2018-09-27 Thread schomaecker
Hi, @Simon: Could you please describe how you solved that problem? I already invested hours to at least find the reason for the problem that "puppetserver ca list" gives me a 403 Forbidden, but couldn't solve it until now. And unfortunately this thread is the only document I could find on goog

Re: [Puppet Users] Re: Updates to CA command line interaction in Puppet 6

2018-09-19 Thread Maggie Dreyer
Thanks for the feedback! We'll have docs around the upgrade scenario out shortly. We had instructions around exactly what you did in release notes for the 5.5 version where we started shipping the gem, as the best way forwar

[Puppet Users] Re: Updates to CA command line interaction in Puppet 6

2018-09-19 Thread Simon Tideswell
Forgot to mention: this is on Ubuntu 18 (Bionic) using the packages pulled from apt.puppetlabs.com. Simon On Thursday, September 20, 2018 at 8:58:06 AM UTC+10, Simon Tideswell wrote: > > Hello > > I've upgraded a test server from Puppet 5.5 to Puppet 6 and the upgrade > was quite seamless. > > H

[Puppet Users] Re: Updates to CA command line interaction in Puppet 6

2018-09-19 Thread Simon Tideswell
Hello I've upgraded a test server from Puppet 5.5 to Puppet 6 and the upgrade was quite seamless. However post upgrade the puppetserver ca command does not work: it yields 403 denied errors. In auth.conf the new Puppet Server has elements like ... allow: { extensions: { pp_cli_au