Issue #7109 has been updated by James Turnbull.

Assignee set to Nigel Kersten

----------------------------------------
Bug #7109: Agent retrieving a cert with an already used certname gets error
https://projects.puppetlabs.com/issues/7109

Author: Matt Robinson
Status: Needs Decision
Priority: Normal
Assignee: Nigel Kersten
Category:
Target version:
Affected Puppet version:
Keywords:
Branch:

If agent 'foo' has already received a signed cert back from the Puppet CA, and then a second agent asks for a cert with the certname 'foo', you get the following:

    /Users/matthewrobinson/work/puppet/lib/puppet/ssl/host.rb:166:in `certificate'
    /Users/matthewrobinson/work/puppet/lib/puppet/ssl/host.rb:227:in `wait_for_cert'
    /Users/matthewrobinson/work/puppet/lib/puppet/application/agent.rb:194:in `setup_host'
    /Users/matthewrobinson/work/puppet/lib/puppet/application/agent.rb:259:in `setup'
    /Users/matthewrobinson/work/puppet/lib/puppet/application.rb:304:in `run'
    /Users/matthewrobinson/work/puppet/lib/puppet/application.rb:420:in `hook'
    /Users/matthewrobinson/work/puppet/lib/puppet/application.rb:304:in `run'
    /Users/matthewrobinson/work/puppet/lib/puppet/application.rb:411:in `exit_on_fail'
    /Users/matthewrobinson/work/puppet/lib/puppet/application.rb:304:in `run'
    /Users/matthewrobinson/work/puppet/sbin/puppetd:4
    err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key

However, if you manually generate a certificate request using either the new face 'puppet certificate generate `hostname` --ca-location remote --server Name_of_Puppet_Master' or curl (haven't actually tested with curl, but it's basically the same as the face), you're allowed to make a new CSR with the same name as a cert that's already signed.

The question here seems to be, should the agent be fixed to allow this kind of behavior since it's possible with more manual means?
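The error in the report comes from comparing the retrieved certificate with the agent's local private key. The following is an added Ruby example, not Puppet's code and not part of the original report, that reproduces that comparison with the standard openssl library; the CA, the keys and all helper names are constructed for illustration.

```ruby
require 'openssl'

# Constructed stand-in for a CA: signs a cert for `certname` over `public_key`.
def issue_cert(ca_key, ca_name, certname, public_key, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{certname}")
  cert.issuer = ca_name
  cert.public_key = public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(ca_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Hypothetical agent-side check: accept a retrieved cert only if it carries
# the public half of the local private key.
def accept_retrieved_cert(cert, private_key)
  unless cert.check_private_key(private_key)
    raise ArgumentError, 'Retrieved certificate does not match private key'
  end
  cert
end

def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca_name = OpenSSL::X509::Name.parse('/CN=Example CA')
  first_agent_key = OpenSSL::PKey::RSA.new(2048)   # agent that registered 'foo' first
  second_agent_key = OpenSSL::PKey::RSA.new(2048)  # later agent reusing certname 'foo'

  # The CA already holds a cert for 'foo', bound to the first agent's key.
  foo_cert = issue_cert(ca_key, ca_name, 'foo', first_agent_key.public_key, 2)

  second_rejected = begin
    accept_retrieved_cert(foo_cert, second_agent_key)
    false
  rescue ArgumentError
    true
  end

  {
    ca_signed: foo_cert.verify(ca_key),  # CA signature is valid either way
    first_agent: foo_cert.check_private_key(first_agent_key),
    second_agent: foo_cert.check_private_key(second_agent_key),
    second_rejected: second_rejected
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The certificate verifies against the CA in both cases; only the key comparison tells the second agent that the cert named 'foo' belongs to a different key pair.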
