Issue #17672 has been updated by eric sorenson. Status changed from Unreviewed to Accepted Assignee set to Gary Larizza
Sure, makes sense to me. Care to work up a patch, Gary? ---------------------------------------- Feature #17672: As long as the agent's certificate is not found, the certificate fingerprint should be printed with every Puppet run. https://projects.puppetlabs.com/issues/17672#change-84077 Author: Gary Larizza Status: Accepted Priority: Normal Assignee: Gary Larizza Category: Target version: Affected Puppet version: 2.7.19 Keywords: certificate fingerprint agent Branch: Please feel free to clean up the Subject. When an agent generates a certificate signing request, the certificate fingerprint is printed: <pre> info: Creating a new SSL key for new.cert info: Creating a new SSL certificate request for new.cert info: Certificate Request fingerprint (md5): E5:CA:E0:41:EC:94:CA:5C:73:22:7B:79:CE:10:CD:71 Exiting; no certificate found and waitforcert is disabled </pre> As long as a certificate isn't found, Puppet will not connect with the Master and retrieve a catalog. The problem then becomes comparing the certificate fingerprint on the agent with the fingerprint presented to the master (i.e. the output of `puppet cert list`). Right now you can run `puppet agent --fingerprint` to display the certificate fingerprint, but I think it would be helpful if the fingerprint is printed along with the `Exiting; no certificate found and waitforcert is disabled` message (that way you can validate that not only is the certificate coming from WHERE you expect it, but the fingerprint matches exactly). -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
