puppet cert clean cleaning over and over


Marc Haber

Apr 22, 2018, 10:33:04 AM
to puppet...@googlegroups.com
Hi,

I do have a certain host that I use for testing. It thus gets deleted
and re-created (in Foreman) over and over again. Eventually, rebuilding
the host times out at the puppet cert clean state.

Foreman issues "puppet cert clean FQDN". When I invoke that from the
command line, I get "Notice: Revoked certificate" for a number of
serials, filling screens:

Notice: Revoked certificate with serial 4898
Notice: Revoked certificate with serial 4903
Notice: Revoked certificate with serial 4904
Notice: Revoked certificate with serial 4945
Notice: Revoked certificate with serial 4946
Notice: Revoked certificate with serial 5149

When the foreman cert clean has eventually finished, the foreman-proxy
has timed out in the meantime, and the build fails. Repeating the
puppet cert clean results in the same serials being revoked again and
again.

Is there a method to clean up the puppet CA so that puppet cert clean
doesn't try revoking certificates that no longer exist at all?

There is no file matching the FQDN in /var/lib/puppet/ssl at all.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421

John Warburton

May 17, 2018, 12:30:38 AM
to puppet-users
These are held in the CA inventory .../puppet/ssl/ca/inventory.txt

See https://ask.puppet.com/question/25818/how-to-manage-size-of-inventorytxt/ for a discussion about cleaning it up, but essentially - delete your test host entries here

John

--
John Warburton
Ph: 0417 299 600
Email: jwarb...@gmail.com
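
An added example, not part of the thread: a read-only report of how many serials the CA inventory that John's reply points to records per certname, converted to the decimal form shown in the "Revoked certificate" notices. The four-column line layout (hex serial, not-before, not-after, /CN= subject), the sample data and the host names are assumptions constructed here.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed inventory.txt layout:
#   hex serial, not-before, not-after, subject. Host names are invented.
# The testhost serials are the ones from the notices above, in hex.
SAMPLE_INVENTORY = """\
# Inventory of signed certificates
# SERIAL NOT_BEFORE NOT_AFTER SUBJECT
0x0001 2017-01-10T09:00:00GMT 2022-01-10T09:00:00GMT /CN=Puppet CA: ca.example.test
0x1322 2018-03-01T08:15:10GMT 2023-03-01T08:15:10GMT /CN=testhost.example.test
0x1327 2018-03-05T11:02:41GMT 2023-03-05T11:02:41GMT /CN=testhost.example.test
0x1328 2018-03-05T14:30:07GMT 2023-03-05T14:30:07GMT /CN=testhost.example.test
0x1340 2018-03-20T07:45:00GMT 2023-03-20T07:45:00GMT /CN=web01.example.test
0x1351 2018-04-02T09:12:33GMT 2023-04-02T09:12:33GMT /CN=testhost.example.test
0x1352 2018-04-02T16:48:19GMT 2023-04-02T16:48:19GMT /CN=testhost.example.test
0x141d 2018-04-20T10:05:56GMT 2023-04-20T10:05:56GMT /CN=testhost.example.test
"""

ENTRY = re.compile(r"^(0x[0-9a-fA-F]+)\s+\S+\s+\S+\s+/CN=(.+)$")


def serials_by_certname(text):
    """Map each certname to the decimal serials the inventory lists for it."""
    found = defaultdict(list)
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match is None:
            continue  # header comments, blank or malformed lines
        found[match.group(2)].append(int(match.group(1), 16))
    return dict(found)


def reissued(text, threshold=2):
    """Certnames with at least `threshold` entries, largest count first."""
    counts = [(name, len(s)) for name, s in serials_by_certname(text).items()]
    return sorted((c for c in counts if c[1] >= threshold),
                  key=lambda c: (-c[1], c[0]))


if __name__ == "__main__":
    # On a CA host, pass the contents of the real inventory file instead.
    for name, count in reissued(SAMPLE_INVENTORY):
        serials = serials_by_certname(SAMPLE_INVENTORY)[name]
        print(f"{name}: {count} entries, serials {serials}")
```
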

Marc Haber

May 17, 2018, 2:40:41 AM
to puppet...@googlegroups.com
Hi,

thanks for helping. I found out about puppet cert reinventory a few weeks
ago and it solved the issue for me. Sorry for not reporting back any
earlier.

Greetings
Marc

On Thu, May 17, 2018 at 02:30:08PM +1000, John Warburton wrote:
> These are held in the CA inventory .../puppet/ssl/ca/inventory.txt
>
> See
> https://ask.puppet.com/question/25818/how-to-manage-size-of-inventorytxt/
> for a discussion about cleaning it up, but essentially - delete your test
> host entries here
>
> John
