Issue #16103 has been updated by Joe McDonagh.
Sure, here is the actual shell script I use for generating keys:
<pre>
#!/bin/bash
# Generate Puppet certs for the given hostnames and commit them to the ssl submodule.
workdir="$HOME/working"
pupdir="$workdir/git/puppet"
ssldir="$pupdir/ssl"

if [ $# -lt 1 ]; then
   echo "Please enter a hostname"
   exit 1
fi

# Sometimes, if /var/run/puppet isn't available, this script will not work.
if ! [ -e '/var/run/puppet' ]; then
   sudo mkdir /var/run/puppet
fi

# Generate a 4096-bit key and cert for each hostname given on the command line.
for node in "$@"; do
   puppet cert --certname puppet --ssldir "$ssldir" --confdir "$pupdir" \
      --keylength 4096 -g "$node"
done

# Descend into ssldir, commit update to submodule, then go back up and update
# the parent.
pushd "$pupdir" >/dev/null 2>&1 || exit 1
pushd "$ssldir" >/dev/null 2>&1 || exit 1
git add .
git commit -am "Added key(s) for nodes #SEC"
git push
popd >/dev/null 2>&1
git add ssl
git commit -m "Updated SSL submodule"
git push
popd >/dev/null 2>&1
#vim: set expandtab ts=3 sw=3:
</pre>
Here is an example of calling it with open4:
<pre>
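require 'open4'

# i.user_data is passed to genkey.sh as the hostname argument; stderr is
# merged into stdout by the trailing 2>&1.
genkey = "#{File.expand_path('~/working/git/puppet')}/scripts/genkey.sh"
returncode = Open4.popen4("#{genkey} #{i.user_data} 2>&1") { |pid, stdin, stdout, stderr|
   puts stdout.gets until stdout.eof?
}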
</pre>
----------------------------------------
Bug #16103: puppet cert -g fails weirdly if executed with no terminal, such as
with Open4.popen
https://projects.puppetlabs.com/issues/16103#change-70851
Author: Joe McDonagh
Status: Needs More Information
Priority: Normal
Assignee: Joe McDonagh
Category:
Target version:
Affected Puppet version:
Keywords:
Branch:
Hi, I have a script that I use to instantiate new nodes, and I do server-side
cert generation so part of the process is to call puppet cert -g. I recently
re-worked the script to be a little more robust, and I replaced all the
backtick executions with Open4.popen. Now, on the part where certs are
generated, it makes the request, and keys, but the request isn't signed or
removed, there is no cert at all, and nothing is put out to stderr or stdout. I
suspect it has to do with the Puppet::Util::Log.newdestination :console line,
since there is no console maybe something down the line breaks, but the code is
a little hard for me to follow down there. To me, this script should be able to
run console or not, since it makes automation pretty easy if you're generating
keys from a central spot, and handling distribution through conventional means
yourself.
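
A non-interactive call that cannot fail silently, as an added example that is not part of the original report or of Puppet: it uses Ruby's standard Open3 in place of Open4, passes the command as an argument array so no shell parses the hostname, and checks both the exit status and that the certificate file exists. The `sh -c` stubs, the hostname pattern and the `certs/<node>.pem` location are assumptions made for the demonstration.

```ruby
require 'open3'
require 'tmpdir'

# Conservative hostname check (an assumption, not Puppet's own rule): labels of
# letters, digits and hyphens, never starting with "-", so the value cannot be
# read as an option by the command it is passed to.
LABEL = /[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/i
NODE_NAME = /\A#{LABEL}(?:\.#{LABEL})*\z/

# Run argv (an Array, so no shell is involved) with empty stdin and no
# terminal, then confirm the certificate at cert_path exists and is non-empty.
def generate_and_verify(argv, node, cert_path)
  unless NODE_NAME.match?(node.to_s)
    return { ok: false, problems: ["rejected node name #{node.inspect}"] }
  end

  out, err, status = Open3.capture3(*argv, node, stdin_data: '')
  problems = []
  problems << "exit status #{status.exitstatus}" unless status.success?
  problems << "no certificate at #{cert_path}" unless File.size?(cert_path)
  { ok: problems.empty?, problems: problems, stdout: out, stderr: err }
end

# Constructed stand-ins for `puppet cert ... -g` ($0 = ssldir, $1 = node):
# one writes the cert, one exits 0 silently and writes nothing (a stub for
# the "no cert, no output" symptom; its exit code is an assumption).
WRITES_CERT = ['sh', '-c', 'mkdir -p "$0/certs" && echo PEM > "$0/certs/$1.pem"'].freeze
SILENT_NOOP = ['sh', '-c', 'exit 0'].freeze

def demo
  Dir.mktmpdir do |ssldir|
    cert = ->(n) { File.join(ssldir, 'certs', "#{n}.pem") }
    [
      generate_and_verify(WRITES_CERT + [ssldir], 'web01.example.com', cert['web01.example.com']),
      generate_and_verify(SILENT_NOOP + [ssldir], 'web02.example.com', cert['web02.example.com']),
      generate_and_verify(WRITES_CERT + [ssldir], '--help', cert['--help'])
    ]
  end
end

demo.each { |r| puts "#{r[:ok] ? 'OK  ' : 'FAIL'} #{r[:problems].join('; ')}" } if $PROGRAM_NAME == __FILE__
```

With a real `puppet cert` command in place of the stubs, a run that produces no certificate is reported as a failure even when the process prints nothing.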