Issue #9118 has been updated by Alexander Piavlo.

Puppet 2.7.3 CentOS 5.6

----------------------------------------
Bug #9118: Puppet client does not update and does consult the crl during authentication
https://projects.puppetlabs.com/issues/9118

Author: Alexander Piavlo
Status: Needs More Information
Priority: Normal
Assignee: Alexander Piavlo
Category: SSL
Target version:
Affected Puppet version:
Keywords:
Branch:

In my tests the puppet client never updates its /var/lib/puppet/ssl/ca/ca_crl.pem from the master. Even if I delete it, it is not fetched from the master when the client runs.

Another issue is that the puppet client does not consult the crl. After revoking the cert of node dev2.internal on the master, manually copying /var/lib/puppet/ssl/ca/{ca_crl.pem,inventory.txt} to client mon1a.internal, and restarting the client to make sure it can pick up the crl changes, I was still able to trigger a client puppet run on mon1a.internal from dev2.internal. It looks like the puppet client does not take the crl into consideration when authenticating.

The relevant config on mon1a.internal is

----
# allow all authenticated nodes to trigger puppet run
path /run
method save
auth yes
allow *
----

This ACL comes first in the auth.conf file.

And this is the command I used to trigger the puppet run from dev2.internal:

curl --cert /var/lib/puppet/ssl/certs/dev2.internal.pem --key /var/lib/puppet/ssl/private_keys/dev2.internal.pem --cacert /var/lib/puppet/ssl/certH "Content-Type: text/pson" -d "{}" https://mon1a.internal:8139/production/run/dev2.internal

Could these problems be taken care of?

Thanks
Alex
