Control: severity -1 normal
Le 2023-02-27 à 11 h 29, Bastian Blank a écrit :
On Mon, Feb 27, 2023 at 10:14:33AM -0500, Jérôme Charaoui wrote:
Unfortunately I'm unable to reproduce this issue. Is this a new puppetserver
installation, or an upgrade from puppet-master 5.5?
This is a new installation.
However I found the reason. The hostname setup is incomplete. The
server considers the name for the certificate to be "debian-sid." and
uses files "debian-sid..crt" (aka it adds a trailing dot).
The agent seems to be not that kind and tries to get a new certificate,
which fails as the CN is already in use.
I'm curious to learn how one may reproduce this issue. Here in my test
containers none of the machines' hostnames have a FQDN: only the host
part exists, and neither do puppet agent nor puppetserver add a trailing
dot to the client certificate.
Le 2023-02-27 à 11 h 46, Antoine Beaupré a écrit :
> Is not having a FQDN even supported in Puppet?
If a certificate can be generated for it, it works, so yes one can use
puppet on machines without FQDNs.
> Maybe this could warrant a severity downgrade too... Seems like an
edge case...
Downgraded to normal.
-- Jérôme
