Issue #7637 has been updated by Dan Bode. Status changed from Accepted to In Topic Branch Pending Merge Branch set to https://github.com/bodepd/puppet/tree/issue/2.7.x/7637_creates_csr_twice
---------------------------------------- Bug #7637: puppet generate certificate fails b/c it calls save csr twice https://projects.puppetlabs.com/issues/7637 Author: Dan Bode Status: In Topic Branch Pending Merge Priority: Normal Assignee: Category: Target version: Affected Puppet version: Keywords: Branch: https://github.com/bodepd/puppet/tree/issue/2.7.x/7637_creates_csr_twice When trying to generate the certificate for a node, I get the following error: <pre> $ puppet certificate generate blahtest2 --ca-location remote warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session err: Error 400 on SERVER: blahtest2 already has a requested certificate; ignoring certificate request err: Try 'puppet help certificate generate' for usage </pre> this appears to be b/c it tries to send the certificate request twice on the master: <pre> err: Could not resolve 192.168.161.1: no name for 192.168.161.1 info: access[^/catalog/([^/]+)$]: allowing 'method' find info: access[^/catalog/([^/]+)$]: allowing $1 access info: access[^/node/([^/]+)$]: allowing 'method' find info: access[^/node/([^/]+)$]: allowing $1 access info: access[/certificate_revocation_list/ca]: allowing 'method' find info: access[/certificate_revocation_list/ca]: allowing * access info: access[/report]: allowing 'method' save info: access[/report]: allowing * access info: access[/file]: allowing * access info: access[/certificate/ca]: adding authentication no info: access[/certificate/ca]: allowing 'method' find info: access[/certificate/ca]: allowing * access info: access[/certificate/]: adding authentication no info: access[/certificate/]: allowing 'method' find info: access[/certificate/]: allowing * access info: access[/certificate_request]: adding authentication no info: access[/certificate_request]: allowing 'method' find info: access[/certificate_request]: allowing 'method' save info: access[/certificate_request]: allowing * access info: access[/facts/search]: adding authentication any info: access[/facts/search]: allowing 'method' search info: access[/facts/search]: allowing * access info: access[/inventory]: allowing 'method' search info: access[/inventory]: allowing dashboard access info: access[/certificate_status]: allowing 'method' save info: access[/certificate_status]: adding authentication yes info: access[/certificate_status]: allowing * access info: access[/]: adding authentication any info: access[/]: allowing * access info: Inserting default '/status'(auth) ACL because none were found in '/etc/puppet/auth.conf' notice: blahtest2 has a waiting certificate request err: Could not resolve 192.168.161.1: no name for 192.168.161.1 /usr/local/dev/puppet/lib/puppet/indirector/certificate_request/ca.rb:14:in `save' /usr/local/dev/puppet/lib/puppet/indirector/indirection.rb:264:in `save' /usr/local/dev/puppet/lib/puppet/ssl/certificate_request.rb:12:in `save' /usr/local/dev/puppet/lib/puppet/network/http/handler.rb:164:in `do_save' /usr/local/dev/puppet/lib/puppet/network/http/handler.rb:68:in `send' /usr/local/dev/puppet/lib/puppet/network/http/handler.rb:68:in `process' /usr/local/dev/puppet/lib/puppet/network/http/webrick/rest.rb:24:in `service' /usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service' /usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run' /usr/local/dev/puppet/lib/puppet/network/http/webrick.rb:45:in `listen' /usr/lib/ruby/1.8/webrick/server.rb:173:in `call' /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread' /usr/lib/ruby/1.8/webrick/server.rb:162:in `start' /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread' /usr/lib/ruby/1.8/webrick/server.rb:95:in `start' /usr/lib/ruby/1.8/webrick/server.rb:92:in `each' /usr/lib/ruby/1.8/webrick/server.rb:92:in `start' /usr/lib/ruby/1.8/webrick/server.rb:23:in `start' /usr/lib/ruby/1.8/webrick/server.rb:82:in `start' /usr/local/dev/puppet/lib/puppet/network/http/webrick.rb:42:in `listen' /usr/local/dev/puppet/lib/puppet/network/http/webrick.rb:41:in `initialize' /usr/local/dev/puppet/lib/puppet/network/http/webrick.rb:41:in `new' /usr/local/dev/puppet/lib/puppet/network/http/webrick.rb:41:in `listen' /usr/lib/ruby/1.8/thread.rb:135:in `synchronize' /usr/local/dev/puppet/lib/puppet/network/http/webrick.rb:38:in `listen' /usr/local/dev/puppet/lib/puppet/network/server.rb:127:in `listen' /usr/local/dev/puppet/lib/puppet/network/server.rb:142:in `start' /usr/local/dev/puppet/lib/puppet/daemon.rb:124:in `start' /usr/local/dev/puppet/lib/puppet/application/master.rb:192:in `main' /usr/local/dev/puppet/lib/puppet/application/master.rb:134:in `run_command' /usr/local/dev/puppet/lib/puppet/application.rb:307:in `run' /usr/local/dev/puppet/lib/puppet/application.rb:411:in `hook' /usr/local/dev/puppet/lib/puppet/application.rb:307:in `run' /usr/local/dev/puppet/lib/puppet/application.rb:402:in `exit_on_fail' /usr/local/dev/puppet/lib/puppet/application.rb:307:in `run' /usr/local/dev/puppet/lib/puppet/util/command_line.rb:62:in `execute' /usr/local/dev/puppet/bin/puppet:4 err: blahtest2 already has a requested certificate; ignoring certificate request </pre> you can see in the puppet master logs, that it tries to authenticate two separate calls from the client. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
