[puppetserver ca list --all] default host name and output format


Kaushal Kumar

Mar 4, 2021, 11:05:14 AM
to Puppet Users
Hi,
While migrating from puppet 5 to 6 (6.20), it was noticed that puppet cert ca list --all was deprecated with puppetserver ca list --all. When we execute this command we get an error:
Fatal error when running action 'list'
  Root cause: Failed to open TCP connection to puppet:8140 (getaddrinfo: Name or service not known)
This error indicates that puppet is looking for a host named puppet, whereas the puppetserver host alias in /etc/hosts is puppetserver.
When we add another alias as puppet to /etc/hosts, then this command gets executed successfully. I have 2 queries on this:
1. Is there a mechanism to execute this command without modifying /etc/hosts?
2. What is the output structure of this command? I need to parse this using a script. In version 5 the format had a prefix of +, - etc., which does not exist now.

Can you please help me with this?

Regards,
Kaushal

Maggie Dreyer

Mar 4, 2021, 12:36:26 PM
to puppet...@googlegroups.com
Hello Kaushal,

The command is supposed to use the value of the `server` setting from the [main], [master], or [server] section of puppet.conf to construct the URL. You can view that setting by running

puppet config print server

and you can configure it with

puppet config set server <your server name or alias>

This will add the server setting to the [main] section of puppet.conf, which should cause it to get picked up by the CA CLI.

We have a ticket for formatted output for this command, SERVER-2252. But unfortunately there isn't any currently. The command is split into three sections divided by headers describing the state of the certs: Requested Certificates, Signed Certificates, and Revoked Certificates.

As input for that ticket, would JSON output also satisfy your scripting use case?

Hope this helps,
Maggie
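
For scripting against the three-section text output described in the reply above, here is an added Python example; it is not part of the original thread and not Puppet's own code. Only the three header names come from the thread. The per-line layout (certname as the first whitespace-separated token), the function names, the expected-host check and the sample text are assumptions constructed for illustration.

```python
import re

# Section headers as named in the thread; the rest of the layout is assumed.
SECTIONS = ("Requested Certificates", "Signed Certificates", "Revoked Certificates")
CERTNAME = re.compile(r"^[A-Za-z0-9._-]+$")

# Constructed sample, not captured from a real server.
SAMPLE = """\
Requested Certificates:
    web01.example.com   (SHA256)  AA:11:22
Signed Certificates:
    puppetserver.example.com   (SHA256)  BB:33:44  alt names: ["DNS:puppetserver"]
    db01.example.com   (SHA256)  CC:55:66
"""

def parse_ca_list(text):
    """Return {section: [certname, ...]}; a section that is absent stays empty."""
    result = {name: [] for name in SECTIONS}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = line.rstrip(":")
        if header in result:
            current = header
            continue
        # Fail closed: an error message or unknown text before any header must
        # not be mistaken for "no certificates".
        if current is None:
            raise ValueError(f"unexpected line before any section: {line!r}")
        certname = line.split()[0]
        if not CERTNAME.match(certname):
            raise ValueError(f"unexpected certname token: {certname!r}")
        result[current].append(certname)
    return result

def unexpected_requests(parsed, expected_hosts):
    """Pending requests whose certname is not on the expected-host list."""
    return [c for c in parsed["Requested Certificates"] if c not in expected_hosts]

if __name__ == "__main__":
    parsed = parse_ca_list(SAMPLE)
    print(parsed)
    print("review before signing:", unexpected_requests(parsed, {"db01.example.com"}))
```
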


Kaushal Kumar

Mar 6, 2021, 11:11:09 AM
to Puppet Users
Hi Maggie,
Thanks a lot for your response. We have updated the server name and got the command working. 

Regarding the output format, JSON will help, but a clear documented output at command line would have been better as well. If you check the docs of 5.5, then you will find that the output format is documented and also quite clear. For example it has a prefix of + and - etc.
I do not know what value addition we have got in changing this in version 6, but it certainly has broken backward compatibility. Can we get the new structure of the output of the command? Would we get the Requested Certificates first or the Signed Certificates? What would be listed when there is no requested certificate, would we still get that as an empty list?

Regards,
Kaushal
