vagrant and reusing certs after destroy box

johan-OF

Feb 27, 2014, 3:17:51 PM
to puppet...@googlegroups.com
Hi,

The situation:

Whenever I bring up a vagrant box, I do a puppet run against my puppet
master to configure some common things I need.
And I want to avoid the remove/new request and sign cycle after a
vagrant destroy.

This can be done using the following Vagrant config:

vm_config.vm.provision :puppet_server do |puppet_server|
  puppet_server.client_cert_path = "box_certs/rspecfc20/cert_rspecfc20.koewacht.net.pem"
  puppet_server.client_private_key_path = "box_certs/rspecfc20/priv_rspecfc20.koewacht.net.pem"
  puppet_server.puppet_node = "rspecfc20.koewacht.net"
  puppet_server.puppet_server = "puppet.koewacht.net"
end

But it does not work;
I get an "Error: Could not request certificate: stack level too deep".

So, I stumbled upon https://projects.puppetlabs.com/issues/21869

This bug seemed to be solved in 3.4.x, but I'm running 3.4.3.

But I think, when I want to reuse my certs on my clean vagrant box,
the CA public key of the server should also be provided with both the
generated cert/private key of the node.

Even if I stumbled upon this bug, which did give the solution to my
problem, I think the puppetmaster's CA public key should always be provided.

I added this extra config option in my fork of the vagrant code, and now
my puppet run against my master, reusing my certs, works:

puppet_server.server_ca_public_key = "box_certs/ca.pem"

But is this the way to do this, or a bug?

Grts

Johan

--
Johan De Wit

Open Source Consultant

Red Hat Certified Engineer (805008667232363)
Puppet Certified Professional 2013 (PCP0000006)
_________________________________________________________

Open-Future Phone +32 (0)2/255 70 70
Zavelstraat 72 Fax +32 (0)2/255 70 71
3071 KORTENBERG Mobile +32 (0)474/42 40 73
BELGIUM http://www.open-future.be
_________________________________________________________


Charlie Sharpsteen

Feb 28, 2014, 1:04:10 PM
to puppet...@googlegroups.com
Hi Johan,

It looks like the fix for #21869 was supposed to go out in 3.4.0 but got stuck on our "master" branch --- this means the fix won't show up until 3.5.0.

Your strategy of copying the CA pubkey and agent keypair to each node should work.

-Charlie
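
An added example, not part of either message and not Vagrant or Puppet code: a pre-provisioning check that a saved agent identity (CA certificate, agent certificate, agent private key) is consistent before it is copied to a fresh box. It assumes the openssl CLI is installed; check_box_certs is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a saved Puppet agent identity before reuse.
# Assumption: the openssl CLI is on PATH. check_box_certs is a hypothetical name.
#
# Usage: check_box_certs <ca.pem> <agent_cert.pem> <agent_key.pem> <puppet_node>
# For the layout in the post this would be:
#   check_box_certs box_certs/ca.pem \
#     box_certs/rspecfc20/cert_rspecfc20.koewacht.net.pem \
#     box_certs/rspecfc20/priv_rspecfc20.koewacht.net.pem \
#     rspecfc20.koewacht.net
# Returns 0 when every check passes, 1 (with a reason on stderr) otherwise.
check_box_certs() {
  local ca="$1" cert="$2" key="$3" node="$4"
  local f cert_pub key_pub subject

  for f in "$ca" "$cert" "$key"; do
    [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
  done

  # 1. The agent certificate must chain to the master's CA certificate
  #    (this also fails when the certificate has expired).
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
    || { echo "certificate does not verify against the CA" >&2; return 1; }

  # 2. The private key must belong to the certificate: hash both public keys.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] \
    || { echo "private key does not match certificate" >&2; return 1; }

  # 3. The subject CN must equal the puppet_node name given to Vagrant.
  subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253)
  case "$subject" in
    *"CN=$node" | *"CN=$node,"*) ;;
    *) echo "certificate CN does not match node name $node" >&2; return 1 ;;
  esac

  return 0
}
```

The agent private key under box_certs/ is a long-lived credential for that node name on the master, so keep the directory out of version control and readable only by the user running Vagrant.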