[Pkg-puppet-devel] Bug#1032060: puppetserver setup ca does not finish setup
Jérôme Charaoui
jerome at riseup.net
Mon Feb 27 18:21:46 GMT 2023
Control: severity -1 normal
Le 2023-02-27 à 11 h 29, Bastian Blank a écrit :
> On Mon, Feb 27, 2023 at 10:14:33AM -0500, Jérôme Charaoui wrote:
>> Unfortunately I'm unable to reproduce this issue. Is this a new puppetserver
>> installation, or an upgrade from puppet-master 5.5?
>
> This is a new installation.
>
> However I found the reason. The hostname setup is incomplete. The
> server considers the name for the certificate to be "debian-sid." and
> uses files "debian-sid..crt" (aka it adds a trailing dot).
>
> The agent seems to be not that kind and tries to get a new certificate,
> which fails as the CN is already in use.
I'm curious to learn how one may reproduce this issue. Here in my test
containers none of the machines' hostnames have a FQDN: only the host
part exists, and neither do puppet agent nor puppetserver add a trailing
dot to the client certificate.
Le 2023-02-27 à 11 h 46, Antoine Beaupré a écrit :
> Is not having a FQDN even supported in Puppet?
If a certificate can be generated for it, it works, so yes one can use
puppet on machines without FQDNs.
> Maybe this could warrant a severity downgrade too... Seems like an
edge case...
Downgraded to normal.
-- Jérôme
More information about the Pkg-puppet-devel
mailing list