[Puppet Users] vagrant and reusing certs after destroy box

[johan-OF]

Hi,

The situation ;
Whenever I bring up a vagrant box, I do a puppet run against my puppet 
master to configure some common things I need.
And I want to avoid the remove/new request and sign cycle after a 
vagrant destroy.

This can be done using following vagrant config :

    vm_config.vm.provision :puppet_server do |puppet_server|
      puppet_server.client_cert_path        = 
"box_certs/rspecfc20/cert_rspecfc20.koewacht.net.pem"
      puppet_server.client_private_key_path = 
"box_certs/rspecfc20/priv_rspecfc20.koewacht.net.pem"
      puppet_server.puppet_node             = "rspecfc20.koewacht.net"
      puppet_server.puppet_server           = "puppet.koewacht.net"
    end

but it does not work,
I get a "Error: Could not request certificate: stack level too deep"

so, i stumbled against https://projects.puppetlabs.com/issues/21869

This bug seemed to be solved in 3.4.x, but I'm running 3.4.3

But I think, when I want to reuse my certs on my clean vagrant box,

 CA public key of the server should also be provided with both the 
generated cert/private key of the node.

Even if i stumbled against this bug, which did give the solution of my 
problem, I think puppetmasters CA public key should always be provided.

I added in my fork of the vagrant code this extra config option, and now 
I my puppet run against my master, reusing my certs works :

      puppet_server.server_ca_public_key    = "box_certs/ca.pem"

But is this the way to do this, or a bug ?

Grts

Johan

--
Johan De Wit

Open Source Consultant

Red Hat Certified Engineer         (805008667232363)
Puppet Certified Professional 2013 (PCP0000006)
_________________________________________________________
 
Open-Future                 Phone     +32 (0)2/255 70 70
Zavelstraat 72              Fax       +32 (0)2/255 70 71
3071 KORTENBERG             Mobile    +32 (0)474/42 40 73
BELGIUM                     http://www.open-future.be
_________________________________________________________

Next Events:
Zabbix Certified Training | 
http://www.open-future.be/zabbix-certified-training-10-till-12th-march
Zabbix for Large Environments Training | 
http://www.open-future.be/zabbix-large-environments-training-13-till-14th-march
Puppet Intruction Course | 
http://www.open-future.be/puppet-introduction-course-14th-april
Puppet Advanced Training | 
http://www.open-future.be/puppet-advanced-training-15-till-17th-april
Subscribe to our newsletter | http://eepurl.com/BUG8H

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/530F9D6F.2090002%40open-future.be.
For more options, visit https://groups.google.com/groups/opt_out.