On Thursday, February 27, 2014 12:17:51 PM UTC-8, Johan De Wit wrote: > > Hi, > > The situation ; > > Whenever I bring up a vagrant box, I do a puppet run against my puppet > master to configure some common things I need. > And I want to avoid the remove/new request and sign cycle after a > vagrant destroy. > > This can be done using following vagrant config : > > vm_config.vm.provision :puppet_server do |puppet_server| > puppet_server.client_cert_path = > "box_certs/rspecfc20/cert_rspecfc20.koewacht.net.pem" > puppet_server.client_private_key_path = > "box_certs/rspecfc20/priv_rspecfc20.koewacht.net.pem" > puppet_server.puppet_node = "rspecfc20.koewacht.net" > puppet_server.puppet_server = "puppet.koewacht.net" > end > > but it does not work, > I get a "Error: Could not request certificate: stack level too deep" > > so, i stumbled against https://projects.puppetlabs.com/issues/21869 > > This bug seemed to be solved in 3.4.x, but I'm running 3.4.3 > > But I think, when I want to reuse my certs on my clean vagrant box, > > CA public key of the server should also be provided with both the > generated cert/private key of the node. > > Even if i stumbled against this bug, which did give the solution of my > problem, I think puppetmasters CA public key should always be provided. > > I added in my fork of the vagrant code this extra config option, and now > I my puppet run against my master, reusing my certs works : > > puppet_server.server_ca_public_key = "box_certs/ca.pem" > > But is this the way to do this, or a bug ? > > Grts > > Johan >
Hi Johan, It looks like the fix for #21869 was supposed to go out in 3.4.0 but got stuck on our "master" branch --- this means the fix won't show up until 3.5.0. Your strategy of copying the CA pubkey and agent keypair to each node should work. -Charlie -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4185b79c-0dfc-4d42-932d-0a9b7c67e275%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
