Issue #9118 has been reported by Alexander Piavlo.
----------------------------------------
Bug #9118: Puppet client does not update and does consult the crl during
authentication
https://projects.puppetlabs.com/issues/9118
Author: Alexander Piavlo
Status: Unreviewed
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version:
Keywords:
Branch:
In my tests puppet client never updates its /var/lib/puppet/ssl/ca/ca_crl.pem
from the master
even if I delete it - it is not fetched from master when client runs.
Another issue is that puppet client does not consult the crl - after revoking
cert of node dev2.internal on master - and manually copying
/var/lib/puppet/ssl/ca/{ca_crl.pem,inventory.txt} to client mon1a.internal and
restarting the client to make sure it can pick up the crl changes - I was still
able to trigger client puppet run on mon1a.internal from dev2.internal.
It looks like puppet client does not take the crl into consideration when
authenticating.
The relevant config on mon1a.internal is
----
# allow all authenticated nodes to trigger puppet run
path /run
method save
auth yes
allow *
----
this ACL comes first in the auth.conf file
And this is the command I used to trigger puppet run from dev2.internal
curl --cert /var/lib/puppet/ssl/certs/dev2.internal.pem --key
/var/lib/puppet/ssl/private_keys/dev2.internal.pem --cacert
/var/lib/puppet/ssl/certH "Content-Type: text/pson" -d "{}"
https://mon1a.internal:8139/production/run/dev2.internal
Could these problems be taken care of?
Thanks
Alex
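
With Ruby's OpenSSL bindings a CRL is only consulted when the verifying store has `V_FLAG_CRL_CHECK` set, so a revoked certificate can still verify even when the CRL is available. The following is an added example, not code from the report or from Puppet: it builds a constructed CA, CRL and node certificates in memory, and the helper names and `dev3.internal` are hypothetical.

```ruby
require "openssl"

# Constructed throwaway PKI for illustration; no real Puppet SSL files are read.
def make_cert(cn, serial, key, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", issuer ? "CA:FALSE" : "CA:TRUE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

def make_crl(ca_cert, ca_key, revoked_serials)
  crl = OpenSSL::X509::CRL.new
  crl.issuer = ca_cert.subject
  crl.last_update, crl.next_update = Time.now - 60, Time.now + 3600
  revoked_serials.each do |serial|
    entry = OpenSSL::X509::Revoked.new
    entry.serial, entry.time = serial, Time.now - 30
    crl.add_revoked(entry)
  end
  crl.sign(ca_key, OpenSSL::Digest.new("SHA256"))
end

# Loading a CRL into the store is not enough: it is ignored unless V_FLAG_CRL_CHECK is set.
def peer_accepted?(ca_cert, peer_cert, crl: nil, enforce_crl: false)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.add_crl(crl) if crl
  store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK if enforce_crl
  store.verify(peer_cert)
end

def demo
  ca_key, node_key = OpenSSL::PKey::RSA.new(2048), OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("Constructed Test CA", 1, ca_key)
  revoked = make_cert("dev2.internal", 2, node_key, ca, ca_key) # serial 2 is on the CRL
  valid = make_cert("dev3.internal", 3, node_key, ca, ca_key)   # hypothetical unrevoked node
  crl = make_crl(ca, ca_key, [2])
  { revoked_no_crl_check: peer_accepted?(ca, revoked, crl: crl),
    revoked_crl_check: peer_accepted?(ca, revoked, crl: crl, enforce_crl: true),
    valid_crl_check: peer_accepted?(ca, valid, crl: crl, enforce_crl: true),
    revoked_crl_check_crl_missing: peer_accepted?(ca, revoked, enforce_crl: true) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The last case shows that with checking enabled a missing CRL fails closed, so a listener that enforces revocation also needs a reliable way to obtain the CRL.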