Issue #7702 has been updated by Nigel Kersten. Target version changed from 2.7.0 to 2.7.x
I was under the (mistaken) impression that this face had deprecated the original 'cert' application and was thus targeting 2.7.0. "puppet certificate" can generate remote certs assuming you've set up auth.conf appropriately, and to work around this bug in the meantime, use the original "puppet cert" application. We will be fixing this. ---------------------------------------- Bug #7702: using certificate face to generate certificates does not work https://projects.puppetlabs.com/issues/7702 Author: Peter Meier Status: Accepted Priority: Normal Assignee: Category: Faces Target version: 2.7.x Affected Puppet version: 2.7.0rc3 Keywords: faces, certificates Branch: Using today's 2.7.x branch I cannot generate any certificates, even if I pass the --ca-location option (see #7701). Puppet complains that host already has a request although that is the request that it just generated. <pre> # find /var/lib/puppet/ssl/ | grep foobar # --nothing-- # RUBYLIB=lib/ ./bin/puppet certificate generate foobar --ca-location local --debug --trace debug: Puppet::Type::User::ProviderUser_role_add: file roledel does not exist debug: Puppet::Type::User::ProviderLdap: true value when expecting false debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing debug: /File[/var/lib/puppet/state]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state debug: /File[/var/lib/puppet/state]/selrole: Found selrole default 'object_r' for /var/lib/puppet/state debug: /File[/var/lib/puppet/state]/seltype: Found seltype default 'var_t' for /var/lib/puppet/state debug: /File[/var/lib/puppet/state]/selrange: Found selrange default 's0' for /var/lib/puppet/state debug: /File[/var/lib/puppet/facts]/seluser: Found seluser default 'system_u' for /var/lib/puppet/facts debug: /File[/var/lib/puppet/facts]/selrole: Found selrole default 'object_r' for /var/lib/puppet/facts debug: /File[/var/lib/puppet/facts]/seltype: Found seltype default 'var_t' for /var/lib/puppet/facts debug: /File[/var/lib/puppet/facts]/selrange: Found selrange default 's0' for /var/lib/puppet/facts debug: /File[/var/lib/puppet/ssl/certs/ca.pem]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/certs/ca.pem debug: /File[/var/lib/puppet/ssl/certs/ca.pem]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/certs/ca.pem debug: /File[/var/lib/puppet/ssl/certs/ca.pem]/seltype: Found seltype default 'var_t' for /var/lib/puppet/ssl/certs/ca.pem debug: /File[/var/lib/puppet/ssl/certs/ca.pem]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/certs/ca.pem debug: /File[/var/lib/puppet/ssl/public_keys/puppet.example.com.pem]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/public_keys/puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/public_keys/puppet.example.com.pem]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/public_keys/puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/public_keys/puppet.example.com.pem]/seltype: Found seltype default 'var_t' for /var/lib/puppet/ssl/public_keys/puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/public_keys/puppet.example.com.pem]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/public_keys/puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/private_keys]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/private_keys debug: /File[/var/lib/puppet/ssl/private_keys]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/private_keys debug: /File[/var/lib/puppet/ssl/private_keys]/seltype: Found seltype default 'var_t' for /var/lib/puppet/ssl/private_keys debug: /File[/var/lib/puppet/ssl/private_keys]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/private_keys debug: /File[/var/lib/puppet/ssl/certs]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/certs debug: /File[/var/lib/puppet/ssl/certs]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/certs debug: /File[/var/lib/puppet/ssl/certs]/seltype: Found seltype default 'var_t' for /var/lib/puppet/ssl/certs debug: /File[/var/lib/puppet/ssl/certs]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/certs debug: /File[/var/lib/puppet/ssl/public_keys]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/public_keys debug: /File[/var/lib/puppet/ssl/public_keys]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/public_keys debug: /File[/var/lib/puppet/ssl/public_keys]/seltype: Found seltype default 'var_t' for /var/lib/puppet/ssl/public_keys debug: /File[/var/lib/puppet/ssl/public_keys]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/public_keys debug: /File[/var/lib/puppet/ssl/private_keys/puppet.example.com.pem]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/private_keys/puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/private_keys/puppet.example.com.pem]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/private_keys/puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/private_keys/puppet.example.com.pem]/seltype: Found seltype default 'var_t' for /var/lib/puppet/ssl/private_keys/puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/private_keys/puppet.example.com.pem]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/private_keys/puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/certificate_requests]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/certificate_requests debug: /File[/var/lib/puppet/ssl/certificate_requests]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/certificate_requests debug: /File[/var/lib/puppet/ssl/certificate_requests]/seltype: Found seltype default 'var_t' for /var/lib/puppet/ssl/certificate_requests debug: /File[/var/lib/puppet/ssl/certificate_requests]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/certificate_requests debug: /File[/var/lib/puppet/ssl/certs/puppet.example.com.pem]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/certs/puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/certs/puppet.example.com.pem]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/certs/puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/certs/puppet.example.com.pem]/seltype: Found seltype default 'var_t' for /var/lib/puppet/ssl/certs/puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/certs/puppet.example.com.pem]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/certs/puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/csr_puppet.example.com.pem]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/csr_puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/csr_puppet.example.com.pem]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/csr_puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/csr_puppet.example.com.pem]/seltype: Found seltype default 'var_t' for /var/lib/puppet/ssl/csr_puppet.example.com.pem debug: /File[/var/lib/puppet/ssl/csr_puppet.example.com.pem]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/csr_puppet.example.com.pem debug: /File[/var/lib/puppet/lib]/seluser: Found seluser default 'system_u' for /var/lib/puppet/lib debug: /File[/var/lib/puppet/lib]/selrole: Found selrole default 'object_r' for /var/lib/puppet/lib debug: /File[/var/lib/puppet/lib]/seltype: Found seltype default 'var_t' for /var/lib/puppet/lib debug: /File[/var/lib/puppet/lib]/selrange: Found selrange default 's0' for /var/lib/puppet/lib debug: /File[/var/lib/puppet/ssl/private]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/private debug: /File[/var/lib/puppet/ssl/private]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/private debug: /File[/var/lib/puppet/ssl/private]/seltype: Found seltype default 'var_t' for /var/lib/puppet/ssl/private debug: /File[/var/lib/puppet/ssl/private]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/private debug: /File[/var/run/puppet]/seluser: Found seluser default 'system_u' for /var/run/puppet debug: /File[/var/run/puppet]/selrole: Found selrole default 'object_r' for /var/run/puppet debug: /File[/var/run/puppet]/seltype: Found seltype default 'var_run_t' for /var/run/puppet debug: /File[/var/run/puppet]/selrange: Found selrange default 's0' for /var/run/puppet debug: /File[/var/lib/puppet/ssl/crl.pem]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/crl.pem debug: /File[/var/lib/puppet/ssl/crl.pem]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/crl.pem debug: /File[/var/lib/puppet/ssl/crl.pem]/seltype: Found seltype default 'var_t' for /var/lib/puppet/ssl/crl.pem debug: /File[/var/lib/puppet/ssl/crl.pem]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/crl.pem debug: /File[/var/log/puppet]/seluser: Found seluser default 'system_u' for /var/log/puppet debug: /File[/var/log/puppet]/selrole: Found selrole default 'object_r' for /var/log/puppet debug: /File[/var/log/puppet]/seltype: Found seltype default 'var_log_t' for /var/log/puppet debug: /File[/var/log/puppet]/selrange: Found selrange default 's0' for /var/log/puppet debug: /File[/var/lib/puppet]/seluser: Found seluser default 'system_u' for /var/lib/puppet debug: /File[/var/lib/puppet]/selrole: Found selrole default 'object_r' for /var/lib/puppet debug: /File[/var/lib/puppet]/seltype: Found seltype default 'var_t' for /var/lib/puppet debug: /File[/var/lib/puppet]/selrange: Found selrange default 's0' for /var/lib/puppet debug: /File[/var/lib/puppet/ssl]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl debug: /File[/var/lib/puppet/ssl]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl debug: /File[/var/lib/puppet/ssl]/seltype: Found seltype default 'var_t' for /var/lib/puppet/ssl debug: /File[/var/lib/puppet/ssl]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl debug: /File[/var/lib/puppet/etc]/seluser: Found seluser default 'system_u' for /var/lib/puppet/etc debug: /File[/var/lib/puppet/etc]/selrole: Found selrole default 'object_r' for /var/lib/puppet/etc debug: /File[/var/lib/puppet/etc]/seltype: Found seltype default 'var_t' for /var/lib/puppet/etc debug: /File[/var/lib/puppet/etc]/selrange: Found selrange default 's0' for /var/lib/puppet/etc debug: Failed to load library 'ldap' for feature 'ldap' debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/etc]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/private_keys/puppet.example.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs/puppet.example.com.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/csr_puppet.example.com.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/public_keys/puppet.example.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: Finishing transaction 23883935782360 info: Creating a new SSL key for foobar info: Creating a new SSL certificate request for foobar info: Certificate Request fingerprint (md5): 38:70:57:53:2C:CE:60:A2:A7:54:EE:60:3B:30:77:A1 notice: foobar has a waiting certificate request debug: Using cached certificate_request for foobar ./lib/puppet/indirector/certificate_request/ca.rb:14:in `save' ./lib/puppet/indirector/indirection.rb:264:in `save' ./lib/puppet/ssl/certificate_request.rb:12:in `save' ./lib/puppet/face/certificate.rb:51:in `generate implementation, required on Ruby 1.8' ./lib/puppet/interface/action.rb+eval[wrapper]:225:in `__send__' ./lib/puppet/interface/action.rb+eval[wrapper]:225:in `generate' ./lib/puppet/application/face_base.rb:220:in `send' ./lib/puppet/application/face_base.rb:220:in `main' ./lib/puppet/application.rb:315:in `run_command' ./lib/puppet/application.rb:307:in `run' ./lib/puppet/application.rb:411:in `hook' ./lib/puppet/application.rb:307:in `run' ./lib/puppet/application.rb:402:in `exit_on_fail' ./lib/puppet/application.rb:307:in `run' ./lib/puppet/util/command_line.rb:62:in `execute' ./bin/puppet:4 err: foobar already has a requested certificate; ignoring certificate request err: Try 'puppet help certificate generate' for usage # find /var/lib/puppet/ssl/ | grep foobar /var/lib/puppet/ssl/ca/requests/foobar.pem /var/lib/puppet/ssl/private_keys/foobar.pem /var/lib/puppet/ssl/public_keys/foobar.pem /var/lib/puppet/ssl/certificate_requests/foobar.pem </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
