Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Thomas Hallgren commented on PUP-5644 Re: puppet lookup command creates new SSL hierarchy with self-signed CA This can be verified using a root user + masterless too. The ssl directory hierarchy is always created but there are no files when the fix is in place. Look for the self signed CA ssl/certs/ca.pem. You will also see a difference in that the message: Notice: Signed certificate request for ca is present before the fix but not after. Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Thomas Hallgren assigned an issue to qa Puppet / PUP-5644 puppet lookup command creates new SSL hierarchy with self-signed CA Change By: Thomas Hallgren Status: Needs Information Ready for Test Assignee: Sean Griffin qa Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Thomas Hallgren assigned an issue to Sean Griffin Puppet / PUP-5644 puppet lookup command creates new SSL hierarchy with self-signed CA Change By: Thomas Hallgren Assignee: qa Sean Griffin Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Thomas Hallgren assigned an issue to Sean Griffin Puppet / PUP-5644 puppet lookup command creates new SSL hierarchy with self-signed CA Change By: Thomas Hallgren Assignee: Thomas Hallgren Sean Griffin Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Sean Griffin updated an issue Puppet / PUP-5644 puppet lookup command creates new SSL hierarchy with self-signed CA Change By: Sean Griffin QA Risk Assessment: Low QA Status: Reviewed Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Sean Griffin assigned an issue to Sean Griffin Puppet / PUP-5644 puppet lookup command creates new SSL hierarchy with self-signed CA Change By: Sean Griffin Assignee: qa Sean Griffin Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Sean Griffin commented on PUP-5644 Re: puppet lookup command creates new SSL hierarchy with self-signed CA It appears that the new code fixes the server/agent use case (which is probably the more important of the two) but has no effect on the masterless use case. It is possible I don't understand the fail scenario. The description shows tracking of these certs in directory ~/.puppetlabs/. My runs generated no such directory. The new directory is in /etc/puppetlabs. Tested on centos-7 using the head of stable branch (which also includes the fix for PUP-5416 , puppet lookup command too verbose). Masterless use case: There appears to be no difference between the fixed and unfixed versions of puppet. In both cases a puppet-apply command or a puppet-lookup will result in new ssl directory containing certs, etc. being created in /etc/puppetlabs/puppet. Below is the result on the "fixed" version. # no ssl directory in /etc/puppetlabs/puppet. [root@bw7qlcliqg5a9qt ~]# cd /etc/puppetlabs/puppet [root@bw7qlcliqg5a9qt puppet]# ls auth.conf puppet.conf [root@bw7qlcliqg5a9qt puppet]# date Fri Jan 8 12:47:32 PST 2016
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Sean Griffin assigned an issue to Thomas Hallgren Have I misunderstood the masterless failing case? Is the fix for the server/agent use case sufficient to close this ticket? The masterless case doesn't generate the error message and it returns the correct value. Puppet / PUP-5644 puppet lookup command creates new SSL hierarchy with self-signed CA Change By: Sean Griffin Assignee: Sean Griffin Thomas Hallgren Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Jo Rhett commented on PUP-5644 Re: puppet lookup command creates new SSL hierarchy with self-signed CA Well one difference is that I was running as a non-root user, whereas you are not. Perhaps the code has differences in that situation? Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Eric Thompson assigned an issue to qa Puppet / PUP-5644 puppet lookup command creates new SSL hierarchy with self-signed CA Change By: Eric Thompson Status: Ready for CI Test Assignee: qa Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Henrik Lindberg commented on PUP-5644 Re: puppet lookup command creates new SSL hierarchy with self-signed CA merged to stable at: 9ae4c58 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Henrik Lindberg updated an issue Puppet / PUP-5644 puppet lookup command creates new SSL hierarchy with self-signed CA Change By: Henrik Lindberg Release Notes Summary: The lookup command needlessly created a separate SSL hierarchy with self-assigned CA. Now it does not. Release Notes: Bug Fix Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Thomas Hallgren assigned an issue to Thomas Hallgren Puppet / PUP-5644 puppet lookup command creates new SSL hierarchy with self-signed CA Change By: Thomas Hallgren Assignee: Thomas Hallgren Scope Change Category: Found Scope Change Reason: Annoying and easy to fix. Story Points: 1 Sprint: Language 2016-01-13 Fix Version/s: PUP 4.3.2 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc)
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Jo Rhett commented on PUP-5644 Re: puppet lookup command creates new SSL hierarchy with self-signed CA Although I question whether creating the SSL directory structure makes any sense for Puppet apply? Not a big deal, but not useful for server-less nodes. Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title
Jo Rhett commented on PUP-5644
Re: puppet lookup command creates new SSL hierarchy with self-signed CA
Yes, no CA is created with the latter form.
[vagrant@client ~]$ cd .puppetlabs/etc/puppet/
[vagrant@client puppet]$ ls
puppet.conf ssl
[vagrant@client puppet]$ rm -rf ssl
[vagrant@client puppet]$ ls -la ssl
ls: cannot access ssl: No such file or directory
[vagrant@client puppet]$ puppet apply -e 'notify { hello: }'
Notice: Compiled catalog for client.example.com in environment production in 0.02 seconds
Notice: hello
Notice: /Stage[main]/Main/Notify[hello]/message: defined 'message' as 'hello'
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Jo Rhett created an issue Puppet / PUP-5644 puppet lookup command creates new SSL hierarchy with self-signed CA Issue Type: Bug Affects Versions: PUP 4.3.1 Assignee: Unassigned Created: 2016/01/03 2:38 AM Priority: Major Reporter: Jo Rhett Puppet lookup docs says it works on both masterless Puppet nodes, and nodes with a Puppet master (perhaps the docs should say server?). However it fails on agents, and produces an unexpected and unwelcome side effect on Puppet apply nodes. When using a masterless Puppet it creates a new SSL directory and populates a CA with a new key in the local node's name. [vagrant@client ~]$ cd .puppetlabs/etc/puppet
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title
Thomas Hallgren commented on PUP-5644
Re: puppet lookup command creates new SSL hierarchy with self-signed CA
Do you see a different regarding the SSL hierarchy between the commands:
puppet lookup
and
puppet apply -e 'notify { hello: }'
?
Add Comment
This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-bugs@googlegroups.com.
Visit this group at https://groups.google.com/group/puppet-bugs.
For more options, visit
Jira (PUP-5644) puppet lookup command creates new SSL hierarchy with self-signed CA
Title: Message Title Kylo Ginsberg updated an issue Puppet / PUP-5644 puppet lookup command creates new SSL hierarchy with self-signed CA Change By: Kylo Ginsberg Scrum Team: Language Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
