Issue #7243 has been updated by Matt Wise.

So this looks like a good start ... I'm confused a bit by the documentation 
because you supply a value of 'attrval1' and 'attrval2' -- but your returned 
values when you check with openssl are 'testoid1' and 'testoid2'. Perhaps I 
don't understand properly how that works -- do the numbers in the YAML file 
turn into text of some kind? 

Overall though, the idea of filling out a separate CSR data file is fine with 
me. For us, we'd be filling two things into the CSR. 1) the 'class' that we 
intend on our node getting and 2) the 'token' we use to authenticate a node on 
bootup. Both of these would probably work in this setting just fine, as long as 
we can pull these CSR values independently as 'facts' or something. 


----------------------------------------
Feature #7243: Additional data in Puppet CSRs (certdnsnames, and custom data)
https://projects.puppetlabs.com/issues/7243

Author: Matt Wise
Status: Needs More Information
Priority: Normal
Assignee: Matt Wise
Category: SSL
Target version: Telly
Affected Puppet version: 
Keywords: 
Branch: https://github.com/jamtur01/puppet/tree/tickets/master/7243


Puppet Clients currently do not support filling in 'certdnsnames' in their CSR. 
That is only done on the signing-server side of things. This should be updated 
so that either the client, or server can set the certdnsnames (or both). 

In addition to this, the Puppet CSR generation code should allow for the 
addition of arbitrary data in the form of keypairs (foo=xyz) that is embedded 
into the CSR. That data should then be accessible in some way to the Puppet 
master process itself during catalog compilation. This allows for companies to 
build in their own security models around the SSL certs.



