Issue #15527 has been updated by eric sorenson.
Status changed from Unreviewed to Rejected
There's actually logic to set exactly this, in lib/puppet/ssl/host.rb. If we're
autogenerating a CSR on a host which is also a CA (i.e. a brand new puppetmaster)
it puts `puppet, $fqdn puppet.$domain` in the dnsAltNames field. In a quick
test, this code appears to be doing the right thing:
[root@master /tmp]# puppet master --no-daemonize --debug --confdir=/tmp --ssldir=/tmp/ssl --user=pe-puppet --group=pe-puppet
[root@master /tmp/ssl/certs]# openssl x509 -noout -text -in master.puppetlabs.lan.pem
    X509v3 extensions:
        Netscape Comment:
            Puppet Ruby/OpenSSL Internal Certificate
        X509v3 Subject Alternative Name:
            DNS:master.puppetlabs.lan, DNS:puppet, DNS:puppet.puppetlabs.lan
I agree that SSL issues are way less user-delightful than they ought to be, but
this part of the system seems to work as intended.
----------------------------------------
Bug #15527: More sensible default for dns_alt_names
https://projects.puppetlabs.com/issues/15527#change-69156
Author: Josh Endries
Status: Rejected
Priority: Normal
Assignee:
Category:
Target version:
Affected Puppet version: 2.7.6
Keywords:
Branch:
I'm tired of running into this bug every single time I create a new install of
Puppet. Please make the default for dns_alt_names="puppet", or
"puppet,`hostname`" or "puppet,puppet.`facter domain`" or something. Puppet
doesn't "just work" with the defaults. This single stupid thing causes a lot of
frustration and questions from new users, most of whom really don't give a
crap about PKI, wasting their time and that of people trying to troubleshoot
and explain it. There are questions all over the web and IRC and probably email.
Maybe this has already been fixed, I dunno, I couldn't even find the latest
Puppet version number on the new commercialized web site. Just Puppet
Enterprise 2.5, which is even older than what I have...it used to be easy to
navigate. If it's been fixed, awesome. Cheers.