Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Florian Klink commented on PUP-7667 Re: puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set I don't use puppet anymore, so can't check again, sorry. If you can't reproduce it anymore, feel free to close this issue. Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.196080.1497521296000.19928.1597908600031%40Atlassian.JIRA.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Ciprian Badescu assigned an issue to Ciprian Badescu Puppet / PUP-7667 puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set Change By: Ciprian Badescu Assignee: Ciprian Badescu Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.196080.1497521296000.18989.159784277%40Atlassian.JIRA.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Ciprian Badescu commented on PUP-7667 Re: puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set I was not able to reproduce the issue on a Ubuntu 20.04/Puppet 6.17 Looking in source code, facter is using `gethostname` syscall to read full hostname and is using domain part form there, if available. This implies that `hostname -f` and `echo $(facter hostname).$(facter domain)` should have the same output as long as `hostname -f` contains domain part. File /etc/hostname is normally used by Linux during startup to set the system hostname, but I expect `facter` to be in sync with system hostname (as shown by hostname -f) as the file may be out of sync. Was in this case /etc/hostname file in sync with `hostname -f` command? Florian Klink, are you also able to reproduce the issue on newer versions of puppet? Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.196080.1497521296000.18985.1597841820095%40Atlassian.JIRA.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Mihai Buzgau updated an issue Puppet / PUP-7667 puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set Change By: Mihai Buzgau Story Points: 3 Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.196080.1497521296000.18801.1597829220047%40Atlassian.JIRA.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Mihai Buzgau updated an issue Puppet / PUP-7667 puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set Change By: Mihai Buzgau Sprint: NW - 2020-09-01 Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.196080.1497521296000.18726.1597818540099%40Atlassian.JIRA.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Josh Cooper updated an issue Puppet / PUP-7667 puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set Change By: Josh Cooper Team: Coremunity Night's Watch Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.196080.1497521296000.17584.1597710300030%40Atlassian.JIRA.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title
Josh Cooper updated an issue
Puppet / PUP-7667
puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Change By:
Josh Cooper
Acceptance Criteria:
Puppet should default its certname to the {{facter fqdn}} fact and fallback to {{$(facter hostname).$(facter domain)}}.
Add Comment
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.196080.1497521296000.123733.1569963600409%40Atlassian.JIRA.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Josh Cooper commented on PUP-7667 Re: puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set Makes sense Florian Klink. I've updated the description based on your suggestion. Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.196080.1497521296000.123723.1569963480298%40Atlassian.JIRA.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Josh Cooper updated an issue Puppet / PUP-7667 puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set Change By: Josh Cooper Team: Coremunity Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.196080.1497521296000.123721.1569963480289%40Atlassian.JIRA.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Josh Cooper updated an issue Puppet / PUP-7667 puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set Change By: Josh Cooper Fix Version/s: PUP 7.0.0 Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.196080.1497521296000.123715.1569963420901%40Atlassian.JIRA.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Josh Cooper assigned an issue to Unassigned Puppet / PUP-7667 puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set Change By: Josh Cooper Assignee: Daniel Dreier Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.196080.1497521296000.123712.1569963420889%40Atlassian.JIRA.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Mikker Gimenez updated an issue Puppet / PUP-7667 puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set Change By: Mikker Gimenez Team: InfraCore Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Geoff Nichols assigned an issue to Daniel Dreier Puppet / PUP-7667 puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set Change By: Geoff Nichols Assignee: Daniel Dreier Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Geoff Nichols updated an issue Puppet / PUP-7667 puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set Change By: Geoff Nichols Team: InfraCore Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Florian Klink commented on PUP-7667 Re: puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set I still think it's wrong ignoring a FQDN set in /etc/hostname. By looking at facters code for 'fqdn', it will only muble-jumble with /etc/resolv.conf, it the hostname is not already full-qualified: https://github.com/puppetlabs/facter/blob/d53ef63aab6d73f11e9f647aca59dee36ad479af/lib/src/facts/posix/networking_resolver.cc#L60 So IMHO, default_certname should simply also use facter's fqdn value. For hosts without a fqdn set in /etc/hostname, this shouldn't change things at all (as it will still combine /etc/resolv.conf as before, but this will then be done in facter). Of course, this would still be something for a major release, as it will change behaviour for hosts with a FQDN set in /etc/hostname if different from a domain set in /etc/resolv.conf, but it will still make things much more consistent. Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title Josh Cooper commented on PUP-7667 Re: puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set Puppet's certname is by default taken from a combination of facter hostname and facter domain, see https://github.com/puppetlabs/puppet/blob/master/lib/puppet/settings.rb#L63-L72. The agent's CSR/private key/cert are saved on disk using its fqdn, e.g. /etc/puppetlabs/puppet/ssl/certs/.pem. So if the fqdn changes, then the agent will think it doesn't have a cert, and will generate a new CSR using the new fqdn. It's unlikely we will change this behavior (puppet has always worked this way), so I'm inclined to mark this as won't fix. Also note you can set the certname setting, and that will always take precedence over the fqdn, in situations where you need a stable certname despite the fqdn changing. Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title
Josh Cooper updated an issue
Puppet / PUP-7667
puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Change By:
Josh Cooper
When adding a new node which has a FQDN set in /etc/hostname, the generated CSR on puppet agent doesn't include the FQDN, as long as no DNS search domain is set. This makes things weird, as a second CSR will be generated when network is set up properly and the DNS domain suddenly appears:This might be due to facter not showing the FQDN correctly, but I'm unsure whether puppet agents derives the csr name from facter or not.{ { noformat} root@puppettest:~# cat /etc/hostname puppettest.mydomain.comroot@puppettest:~# facter hostnamepuppettestroot@puppettest:~# facter fqdnpuppettestroot@puppettest:~# puppet agent --server puppet.mydomain.com --waitforcert 10 -t --verboseInfo: Creating a new SSL key for puppettestInfo: Caching certificate for caInfo: csr_attributes file loading from /etc/puppet/csr_attributes.yamlInfo: Creating a new SSL certificate request for puppettestInfo: Certificate Request fingerprint (SHA256): F5:09:15:AD:A1:2A:F2:85:9E:A1:65:C9:23:9F:A4:16:50:36:89:8A:06:6F:FC:45:4F:6D:00:E9:1D:BA:25:C0Info: Caching certificate for caNotice: Did not receive certificate {noformat } } As soon as I add "{{domain mydomain.com}}" to {{/etc/resolv.conf}}, {{facter fqdn}} shows {{"puppettest.mydomain.com"}}, and the puppet agent generates a new certificate on the next run.I think it should be more consistent to take the FQDN from {{$(hostname)}}, if one is set there, instead of only {{$(hostname -s)}}, and adding one from {{/etc/resolv.conf}} if set. This applies both to {{facter fqdn}} and the agents method of deriving the certificate name.
Add Comment
This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)
Jira (PUP-7667) puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Title: Message Title
Florian Klink created an issue
Puppet / PUP-7667
puppet agent doesn't create certificate with FQDN if /etc/hostname contains FQDN, but search domain is not set
Issue Type:
Bug
Assignee:
Unassigned
Created:
2017/06/15 3:08 AM
Environment:
Debian 9 (stretch) amd64 puppet-4.8.2-5, facter 2.4.6-1 from Debian Package Repository
Priority:
Normal
Reporter:
Florian Klink
When adding a new node which has a FQDN set in /etc/hostname, the generated CSR on puppet agent doesn't include the FQDN, as long as no DNS search domain is set. This makes things weird, as a second CSR will be generated when network is set up properly and the DNS domain suddenly appears:
This might be due to facter not showing the FQDN correctly, but I'm unsure whether puppet agents derives the csr name from facter or not.
{{root@puppettest:~# cat /etc/hostname puppettest.mydomain.com
root@puppettest:~# facter hostname puppettest root@puppettest:~# facter fqdn puppettest
root@puppettest:~# puppet agent --server puppet.mydomain.com --waitforcert 10 -t --verbose Info: Creating a new SSL key for puppettest Info: Caching certificate for ca Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for puppettest Info: Certificate Request fingerprint (SHA256): F5:09:15:AD:A1:2A:F2:85:9E:A1:65:C9:23:9F:A4:16:50:36:89:8A:06:6F:FC:45:4F:6D:00:E9:1D:BA:25:C0 Info: Caching certificate for ca Notice: Did not receive certificate}}
