puppetca fails if no certificate exists
Assigned to: -
% Done:
Target version: Foreman - Bug scrub
When provisioning a new system the puppetca on my proxy would fail when a certificate did not exist.
D, [2011-11-02T20:30:34.128187 #23302] DEBUG -- : Executing /usr/bin/sudo -S /usr/sbin/puppetca --clean host.domain.tld
W, [2011-11-02T20:30:34.721068 #23302] WARN -- : Failed to run puppetca: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
E, [2011-11-02T20:30:34.721437 #23302] ERROR -- : Failed to remove certificate(s) for cllalynx.tamu.edu: Execution of puppetca failed, check log files
With Puppet 2.6.12 I found that puppetca --clean still reports a failure if the certificate is not found. The only way to generate the same text that the smart-proxy code looks for is to run a puppetca --verify.
I have attached a patch to first verify if a certificate exists before attempting to run the clean. Tested on 0.3 rc2.
Updated by Ohad Levy over 1 year ago
I'm not 100% sure why this is required.
I mean, why would a clean operation fail?
Updated by Dominic Cleal 6 months ago
This looks a bit like the master warning that its own certificate is not matching the private key, since it wouldn't have access to another host's private key. The --verify that was run would probably be testing the same (its own key/cert).
I think this is a master config problem, not simply that a certificate doesn't exist.