Jira (PUP-2354) agent is confused about cert state
Heston Hoffman updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Heston Hoffman
Labels: redmine resolved-issue-added

This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-2354) agent is confused about cert state
Josh Cooper updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Josh Cooper
Release Notes Summary: Puppet agents no longer get stuck if the server has a CSR or cert from a previous instance of the agent. This enables the `allow_duplicate_certs` setting to work as expected.
Release Notes: Known Issue Bug Fix
Jira (PUP-2354) agent is confused about cert state
Josh Cooper commented on PUP-2354 Re: agent is confused about cert state

In the upcoming 6.4 release, it will be possible to set allow_duplicate_certs=true, and the agent can submit a CSR even if there is a CSR or signed cert with the same name. If/when the administrator revokes the old cert and signs the new cert, then the agent will download the new cert and proceed as expected.

Some of the gotchas described by the OP and in comments have been fixed, such as caching mismatched CSRs from the server. For example, if a node has a valid client cert and you clean it, it will create a new private key and download the previous instance of the cert. Since the cert is mismatched, the agent will error and discard it:

$ bx puppet ssl clean --certname mars
Notice: Removed private key /tmp/ssltest26/private_keys/mars.pem
Notice: Removed certificate /tmp/ssltest26/certs/mars.pem
$ bx puppet agent -t --certname mars
Info: Creating a new SSL key for mars
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for mars
Info: Certificate Request fingerprint (SHA256): 09:50:AC:D9:55:43:D2:33:C7:CA:FF:B2:08:58:03:E7:1B:C9:AC:6D:01:4D:C7:34:43:85:64:67:22:03:64:DA
Info: Downloaded certificate for mars from puppet.delivery.puppetlabs.net
Jira (PUP-2354) agent is confused about cert state
Mohak Sharma commented on PUP-2354 Re: agent is confused about cert state

Hi Josh, I have set autosign to a bash script which returns a zero or non-zero status according to some logic and enables autosigning from a legitimate source. Just want to make sure, according to the limitations listed by you, will it work if I set allow_duplicate_certs to true?
Jira (PUP-2354) agent is confused about cert state
Josh Cooper commented on PUP-2354 Re: agent is confused about cert state

There are a few issues here. Newly provisioned agents generate a key pair, but optimistically try to download an issued cert before sending a CSR. This is due to the byzantine logic in Puppet::SSL::Host. If there happens to be an issued cert from the previous agent instance, then the agent prints the error message about a mismatched key and cert, and to make matters worse, saves the mismatched cert to disk. This breaks all future attempts to bootstrap the agent's cert.

I am working on fixing this mess as described in other tickets in this Epic. But I have a few questions for watchers on this specific ticket. Assuming allow_duplicate_certs=true, I'm proposing:

- If the agent submits a CSR and there is already a CSR present on the server (same or different content), then the server will overwrite its version with whatever the agent sent.
- If the agent submits a CSR and there is already an issued cert (from possibly a previous instance), the server will save the agent's CSR, but leave the issued cert as-is.

We have to be careful about "automatically" revoking old certs and signing new ones, because a malicious unauthenticated user could submit a CSR for the ca or puppetserver node. Would it be sufficient to restrict the scope of this to:

- If you set allow_duplicate_certs=true then autosign must be false or you must provide an autosigning policy to conditionally clean the old instance and issue a new cert? In particular autosign=true would not be allowed.
- If an autosign policy is used, then it's up to the user to define when it is acceptable to clean a node's cert, such as using the AWS instance-id Eric Sorenson mentions above?
- We should blacklist the ca node and any node name whose cert contains the isCA: TRUE basic constraint
- We could only allow certs to be revoked if they contain a cert extension indicating they are "recycle-able", something like pp_ephemeral=true. Infrastructure nodes like compiler, etc wouldn't have that extension in their cert.

Thoughts?
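The guard rules floated in the comment above (reserved names, the isCA basic constraint, a "recycle-able" marker extension) can be written as one decision function. This is an added sketch, not Puppet's code and not part of the ticket; the reserved certnames, the marker OID and its UTF8String value `true` are placeholders chosen for illustration, and the certificates are constructed sample data.

```ruby
require 'openssl'

# Assumptions of this sketch (not Puppet settings): site-specific reserved
# certnames, and a placeholder OID standing in for a "pp_ephemeral" marker.
RESERVED_CERTNAMES = %w[ca puppetserver].freeze
EPHEMERAL_OID      = '1.3.6.1.4.1.34380.1.2.99' # hypothetical placeholder
BASIC_CONSTRAINTS  = '2.5.29.19'

# Map each extension's dotted OID to its raw payload (OCTET STRING contents).
def extension_payloads(cert)
  cert.extensions.each_with_object({}) do |ext, out|
    fields = OpenSSL::ASN1.decode(ext.to_der).value # [OID, (critical), payload]
    out[fields.first.oid] = fields.last.value
  end
end

# True when basicConstraints carries cA = TRUE.
def ca_cert?(payloads)
  der = payloads[BASIC_CONSTRAINTS]
  return false unless der
  flag = OpenSSL::ASN1.decode(der).value.first
  flag.is_a?(OpenSSL::ASN1::Boolean) && flag.value == true
end

# True when the marker extension is present with the value "true".
def ephemeral?(payloads)
  der = payloads[EPHEMERAL_OID]
  return false unless der
  OpenSSL::ASN1.decode(der).value == 'true'
rescue OpenSSL::ASN1::ASN1Error
  false
end

# Returns [:allow | :deny, reason] for replacing `existing` (an
# OpenSSL::X509::Certificate, or nil) when a new CSR arrives for `certname`.
def recycle_decision(certname, existing)
  if RESERVED_CERTNAMES.include?(certname.downcase)
    return [:deny, 'reserved infrastructure certname']
  end
  return [:allow, 'no previous certificate'] if existing.nil?

  payloads = extension_payloads(existing)
  return [:deny, 'existing certificate is a CA'] if ca_cert?(payloads)
  unless ephemeral?(payloads)
    return [:deny, 'existing certificate is not marked recyclable']
  end
  [:allow, 'existing certificate is marked recyclable']
end

# Constructed sample data: throwaway self-signed certificates for the demo.
DEMO_KEY = OpenSSL::PKey::RSA.new(2048)

def demo_cert(common_name, extensions)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([['CN', common_name]])
  cert.public_key = DEMO_KEY.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  extensions.each { |ext| cert.add_extension(ext) }
  cert.sign(DEMO_KEY, OpenSSL::Digest.new('SHA256'))
  cert
end

def demo_decisions
  factory = OpenSSL::X509::ExtensionFactory.new
  ca   = factory.create_extension('basicConstraints', 'CA:TRUE', true)
  leaf = factory.create_extension('basicConstraints', 'CA:FALSE', true)
  mark = OpenSSL::X509::Extension.new(
    EPHEMERAL_OID, OpenSSL::ASN1::UTF8String.new('true').to_der, false
  )
  {
    'ca'         => recycle_decision('ca', nil),
    'new-node'   => recycle_decision('new-node', nil),
    'signer'     => recycle_decision('signer', demo_cert('signer', [ca, mark])),
    'compiler01' => recycle_decision('compiler01', demo_cert('compiler01', [leaf])),
    'web-i0abc'  => recycle_decision('web-i0abc', demo_cert('web-i0abc', [leaf, mark]))
  }
end

if __FILE__ == $PROGRAM_NAME
  demo_decisions.each { |name, (verdict, why)| puts "#{name}: #{verdict} (#{why})" }
end
```

The CA check runs before the marker check, so a CA certificate is refused even when it carries the marker.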
Jira (PUP-2354) agent is confused about cert state
Adam Bottchen updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Adam Bottchen
CS Priority: Needs Priority Reviewed
Jira (PUP-2354) agent is confused about cert state
Thomas Kishel updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Thomas Kishel
CS Priority: Needs Priority
Jira (PUP-2354) agent is confused about cert state
Thomas Kishel updated an issue: Puppet / PUP-2354 agent is confused about cert state

If `allow_duplicate_certs` is broken, we should document it as a known issue to spare users the frustration of trying to utilize it?

Change By: Thomas Kishel
Release Notes: Known Issue
Jira (PUP-2354) agent is confused about cert state
Jayant Sane assigned an issue to Unassigned: Puppet / PUP-2354 agent is confused about cert state
Change By: Jayant Sane
Assignee: Jayant Sane
Jira (PUP-2354) agent is confused about cert state
Tama MA commented on PUP-2354 Re: agent is confused about cert state

Noted with thanks.
Jira (PUP-2354) agent is confused about cert state
Thomas Kishel commented on PUP-2354 Re: agent is confused about cert state

Tama, your best practices question falls outside the scope of this product engineering ticketing system. That said, certificates are integral to the Puppet Agent/Server model as they are used to establish identity as well as encryption, so there is no supported practice to select as best.
Jira (PUP-2354) agent is confused about cert state
Josh Cooper commented on PUP-2354 Re: agent is confused about cert state

> could you give us an update of the best practices to disable agent SSL certification... Therefore, there is no need for extra SSL protection by Puppet.

There isn't currently a way to disable SSL, because puppet relies on client certs for client authentication (so it's more than confidentiality and integrity). Puppet also relies on client certs to provide trusted facts during compilation. The question of disabling SSL has come up before, e.g. https://groups.google.com/d/msg/puppet-users/5Y4BgGgsoRk/8A6GThP_BgAJ. I'd suggest filing a new ticket as it's unrelated to this particular issue.
Jira (PUP-2354) agent is confused about cert state
Tama MA commented on PUP-2354 Re: agent is confused about cert state

Hi Josh,

Noted with thanks. After fixing this bug, could you kindly give us an update of the best practices to disable agent SSL certification?

FYI: My entire infrastructure is VPN protected, with all ports listening to VPN interface. Therefore, there is no need for extra SSL protection by Puppet.

Thanks!

Kind regards,
Tama Ma
Jira (PUP-2354) agent is confused about cert state
Josh Cooper commented on PUP-2354 Re: agent is confused about cert state

We were not able to resolve the agent-side issues in Puppet6. That said, I am working on a set of PRs so the agent no longer uses the indirector to manage its cert/keys.
Jira (PUP-2354) agent is confused about cert state
Jayant Sane assigned an issue to Jayant Sane: Puppet / PUP-2354 agent is confused about cert state
Change By: Jayant Sane
Assignee: Jayant Sane
Jira (PUP-2354) agent is confused about cert state
Noam Davida commented on PUP-2354 Re: agent is confused about cert state

Still same issue, guys we can't work like this, can someone fix this please? This feature is useless:

allow_duplicate_certs = true

I'm using Puppet in lab env, needs to reinstall multiple machines daily, Please either fix above or release an option to not use certification at all.
Jira (PUP-2354) agent is confused about cert state
Noam Davida updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Noam Davida
Priority: Normal Critical
Jira (PUP-2354) agent is confused about cert state
Tama MA commented on PUP-2354 Re: agent is confused about cert state

Matt Moldvan Your workaround will work. Thank you so much!
Jira (PUP-2354) agent is confused about cert state
Matt Moldvan commented on PUP-2354 Re: agent is confused about cert state

Years later and I ran into this today when attempting to assist set up of an auto scaled environment in AWS. Unfortunate that this is still a thing in 2018. At first appending the EC2 instance id to the beginning of the cert name was working, but when attempting to run Puppet from an EC2 user data script, the behavior was unpredictable and I got the dreaded key mismatch error. So I found allow_duplicate_certs, set it to true and thought we'd be good, but then found this bug report still lingering with one or two "can I have an update" every year or two.

I ended up having the devs use uuidgen in the certname option to create a temporary cert when new instances are provisioned. I don't foresee a collision there or issues with accessing the EC2 metadata early in the provision process, so that appears to be a workaround for now. Leaving it here for anyone else that runs into this same issue...
Jira (PUP-2354) agent is confused about cert state
Tama MA commented on PUP-2354 Re: agent is confused about cert state

Is there any way to get rid of SSL altogether? My entire cluster runs on top of VPN, so I do not need SSL from puppet. Otherwise, I will need allow_duplicate_certs = true to work on agents. It is really unproductive to delete certs from the master, every time I vagrant destroy / up couple of nodes per day.
Jira (PUP-2354) agent is confused about cert state
Josh Cooper updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Josh Cooper
Sub-team: Coremunity
Jira (PUP-2354) agent is confused about cert state
Daniel Heller commented on PUP-2354 Re: agent is confused about cert state

I'd appreciate an update too. Any chance of a fix in Puppet 5? And I presume the misspelling of allow_duplicate_certs in the Description is just a typo there, ie nobody's actually tested with it like that?
Jira (PUP-2354) agent is confused about cert state
Eric Sorenson updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Eric Sorenson

On my master, I set:
{code}
[main]
allow_deplicate_certs allow_duplicate_certs = true
{code}
on the master, I regenerate a private key, I get the failure:
{noformat}
root@cygnet-2:~# puppet agent -t --ssldir=/tmp/
info: Creating a new SSL key for cygnet-2.cygnet.lab
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for cygnet-2.cygnet.lab
err: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: B5:FE:4C:B6:D8:75:2C:8D:FD:05:48:53:43:DC:B4:10
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
  puppet cert clean cygnet-2.cygnet.lab
On the agent:
  rm -f /tmp/certs/cygnet-2.cygnet.lab.pem
  puppet agent -t
{noformat}
It appears that the agent does not actually resend its cert req if one already exists, meaning that allow duplicate certs does not work with puppet agent.

This issue was observed with Puppet 2.7.12, but I do not believe it is a regression.
Jira (PUP-2354) agent is confused about cert state
Karen Van der Veer updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Karen Van der Veer
Sprint: Client 2016-05-18 , Platform Core Grooming
Jira (PUP-2354) agent is confused about cert state
Karen Van der Veer updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Karen Van der Veer
Sprint: Client 2016-05-18, Platform Core 2017-09-19 Grooming
Jira (PUP-2354) agent is confused about cert state
Karen Van der Veer updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Karen Van der Veer
Sprint: Client 2016-05-18, Platform Core 2017-09- 05 19
Jira (PUP-2354) agent is confused about cert state
Maggie Dreyer updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Maggie Dreyer
Sprint: Client 2016-05-18 , Platform Core 2017-09-05
Jira (PUP-2354) agent is confused about cert state
James G commented on PUP-2354 Re: agent is confused about cert state

Still broken on 4.10. Seriously guys, are you going for a record on longest lasting bug in code history?
Jira (PUP-2354) agent is confused about cert state
Moses Mendoza updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Moses Mendoza
Labels: redmine triaged
Jira (PUP-2354) agent is confused about cert state
Maggie Dreyer updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Maggie Dreyer
Team: Agent
Jira (PUP-2354) agent is confused about cert state
Maggie Dreyer updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Maggie Dreyer
Labels: redmine triaged
Jira (PUP-2354) agent is confused about cert state
Brandon Ess commented on PUP-2354 Re: agent is confused about cert state

Any update on this issue? I would like to get this feature working as expected. Running PE 2016.4.3.
Jira (PUP-2354) agent is confused about cert state
William Hopper updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: William Hopper
Sprint: Client 2016-05-18 , Client 2016-07-13 (HA, 1.5.3)
Jira (PUP-2354) agent is confused about cert state
Eric Sorenson commented on PUP-2354 Re: agent is confused about cert state

ping Stan Duffy and Adrien Thebo since we talked about this in the backlog grooming - hoisting this up for investigation.
Jira (PUP-2354) agent is confused about cert state
Eric Sorenson updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Eric Sorenson
Sprint: Client Community Triage, Client 2016-05-18 , Client 2016-07-13 (HA, 1.5.3)
Jira (PUP-2354) agent is confused about cert state
Pierre-Gilles Mialon commented on PUP-2354 Re: agent is confused about cert state

We have also tested this patch; it works as expected, thanks! I see that this patch is in community triage, when is the next step?
Jira (PUP-2354) agent is confused about cert state
Branan Riley updated an issue: Puppet / PUP-2354 agent is confused about cert state
Change By: Branan Riley
Sprint: Client 2016-05-18 Community Triage , Client 2016- 06 05 - 01 18
Jira (PUP-2354) agent is confused about cert state
Steve Barlow updated an issue Puppet / PUP-2354 agent is confused about cert state Change By: Steve Barlow Sprint: Client 2016-05-18, Client 2016-06-01
Jira (PUP-2354) agent is confused about cert state
Stan Duffy updated an issue Puppet / PUP-2354 agent is confused about cert state Change By: Stan Duffy QA Risk Assessment Reason: Happens all the time QA Highest Test Level: Acceptance QA Risk Severity Reason: Duplicate certs are rarely required QA Risk Probability: Low QA Risk Severity: Medium QA Status: Reviewed
Jira (PUP-2354) agent is confused about cert state
Stan Duffy updated an issue Puppet / PUP-2354 agent is confused about cert state Change By: Stan Duffy QA Risk Assessment: High
Jira (PUP-2354) agent is confused about cert state
Branan Riley updated an issue Puppet / PUP-2354 agent is confused about cert state Change By: Branan Riley Story Points: 1
Jira (PUP-2354) agent is confused about cert state
Steve Barlow updated an issue Puppet / PUP-2354 agent is confused about cert state Change By: Steve Barlow Scrum Team: Client Platform
Jira (PUP-2354) agent is confused about cert state
Branan Riley assigned an issue to Branan Riley Puppet / PUP-2354 agent is confused about cert state Change By: Branan Riley Assignee: Branan Riley
Jira (PUP-2354) agent is confused about cert state
Branan Riley updated an issue Puppet / PUP-2354 agent is confused about cert state Change By: Branan Riley Sprint: Client 2016-05-18 (Freeze)
Jira (PUP-2354) agent is confused about cert state
Raphaël RONDEAU commented on PUP-2354 Re: agent is confused about cert state I made a quick patch, tested on my infra, let me know if it's ok for you. https://github.com/puppetlabs/puppet/pull/4897
Jira (PUP-2354) agent is confused about cert state
Harley Larsen commented on PUP-2354 Re: agent is confused about cert state Looks like we're seeing this one as well - since it's been a few months, can anyone provide any new insight? I'm more than happy to help debug, but it seems pretty clear there is an issue here.
Jira (PUP-2354) agent is confused about cert state
Ahmad Jagot commented on PUP-2354 Re: agent is confused about cert state This is still broken on 3.8.1. We've tried Eric Sorenson's suggestion, which does not work either – the script does not get run, because [afaict] the client refuses to talk to the CA when the public key the latter provides doesn't verify against the former's freshly-generated SSL key.
Jira (PUP-2354) agent is confused about cert state
Kristin Laemmert commented on PUP-2354 Re: agent is confused about cert state I'm a year late to the game, but: I would much rather this be fixed or removed from documentation - I already auto-sign everything, I don't want to add a step there if this should be an available option. I'm on PE 3.8.
Jira (PUP-2354) agent is confused about cert state
Aaron Armstrong updated an issue Puppet / PUP-2354 agent is confused about cert state Change By: Aaron Armstrong Component/s: Server
Jira (PUP-2354) agent is confused about cert state
Aaron Armstrong updated an issue Puppet / PUP-2354 agent is confused about cert state Change By: Aaron Armstrong Summary: agent is confused about it's cert state