Jira (PUP-6835) Puppet does not check for revoked cert against puppetdb connection
Klavs Klavsen commented on PUP-6835

We have restarted the puppetmaster several times.. (it does not always handle updating functions etc. when we change them). The cert on puppetdb was updated several months ago - only issue we ever saw was the puppet node deactivate issue.

This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.

Jira (PUP-6835) Puppet does not check for revoked cert against puppetdb connection
Michael Smith commented on PUP-6835

The puppet master needs to restart to reload an updated CRL. Could that be what's happening?

Jira (PUP-6835) Puppet does not check for revoked cert against puppetdb connection
Klavs Klavsen created an issue

Puppet / PUP-6835
Puppet does not check for revoked cert against puppetdb connection

Issue Type: Bug
Assignee: Unassigned
Components: Puppet Server, PuppetDB
Created: 2016/10/20 5:19 AM
Priority: Normal
Reporter: Klavs Klavsen

We accidentally revoked our puppetdb host's puppet cert, and we just issued a new one so puppet agent worked again. But we had a weird issue with puppet node deactivate complaining that our puppetdb node's cert was revoked - and yet our exported resources etc. worked just fine. I found out that since the puppetdb SSL setup is done by getting a copy of the puppet agent certs, it indeed had the old certs, which were revoked.. so it seems puppet does not do CRL checking in its communications with puppetdb (except for puppet node stuff at least).
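
The behaviour discussed in this thread, reproduced with Ruby's OpenSSL bindings as an added example (not code from Puppet, PuppetDB or the thread participants): a trust store accepts a revoked certificate unless CRL checking is switched on, and a store still holding a CRL loaded before the revocation accepts it too. The CA, host name, serial numbers and helper names are constructed for illustration.

```ruby
require "openssl"
# Constructed throwaway CA, certificates and CRLs; not Puppet's code or data.
def make_cert(cn, serial, key, issuer: nil, issuer_key: key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", issuer ? "CA:FALSE" : "CA:TRUE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

def make_crl(ca, ca_key, revoked_serials)
  crl = OpenSSL::X509::CRL.new
  crl.version = 1
  crl.issuer = ca.subject
  crl.last_update, crl.next_update = Time.now - 60, Time.now + 3600
  revoked_serials.each do |serial|
    entry = OpenSSL::X509::Revoked.new
    entry.serial = serial
    entry.time = Time.now - 30
    crl.add_revoked(entry)
  end
  crl.sign(ca_key, OpenSSL::Digest.new("SHA256"))
end

# Verify a peer certificate against the CA, with or without CRL checking.
def peer_accepted?(ca, crl, peer_cert, crl_check:)
  store = OpenSSL::X509::Store.new.add_cert(ca).add_crl(crl)
  store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK if crl_check
  store.verify(peer_cert)
end

def scenario
  ca_key, leaf_key = 2.times.map { OpenSSL::PKey::RSA.new(2048) }
  ca = make_cert("constructed-ca", 1, ca_key)
  old_cert, new_cert = [2, 3].map { |s| make_cert("puppetdb.example.test", s, leaf_key, issuer: ca, issuer_key: ca_key) }
  stale_crl = make_crl(ca, ca_key, [])   # CRL as loaded before serial 2 was revoked
  fresh_crl = make_crl(ca, ca_key, [2])  # CRL issued after the revocation
  { revoked_cert_no_crl_check: peer_accepted?(ca, fresh_crl, old_cert, crl_check: false),
    revoked_cert_crl_check:    peer_accepted?(ca, fresh_crl, old_cert, crl_check: true),
    reissued_cert_crl_check:   peer_accepted?(ca, fresh_crl, new_cert, crl_check: true),
    revoked_cert_stale_crl:    peer_accepted?(ca, stale_crl, old_cert, crl_check: true) }
end
```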