Project

General

Profile

Feature #23210

PuppetCA: Token Based Autosigning

Added by Julian Todt 8 months ago. Updated 3 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
PuppetCA
Target version:
-
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

For idea and discussion, see https://community.theforeman.org/t/puppetca-orchestration-the-future-of-autosigning/8712 and https://github.com/theforeman/rfcs/pull/7/files

Todo:
- Remove previous autosigning functionality from foreman (mainly Host::Managed.handle_ca)
- Add a PuppetCA-Token to Host-Parameters
- Place token on host during provisioning
- Add api endpoint to validate tokens


Related issues

Related to Smart Proxy - Feature #23211: PuppetCA: Token Based AutosigningClosed
Related to Installer - Feature #23477: PuppetCA: Token Based AutosigningReady For Testing
Related to Foreman - Feature #23626: Move PuppetCA autosigning to build queueClosed2018-05-17
Related to Foreman - Bug #24993: migration broken on nightly mysqlNew

Associated revisions

Revision 30face9f (diff)
Added by Julian Todt 3 months ago

Fixes #23210 - Handle PuppetCA tokens

In a new SmartProxy PuppetCA autosigning variant
tokens get returned that need to be provisioned on
the host.

Revision c24aeb2b (diff)
Added by Julian Todt 3 months ago

Refs #23210 - Provision PuppetCA-Token on Host

Adds the PuppetCA-Token that is generated by Foreman
on Host-Creation in puppet's csr_attributes.yaml,
so it is included in puppet's CSR to be verified.

History

#1 Updated by Julian Todt 8 months ago

#2 Updated by The Foreman Bot 8 months ago

  • Pull request https://github.com/theforeman/foreman/pull/5465 added

#3 Updated by The Foreman Bot 8 months ago

  • Pull request https://github.com/theforeman/community-templates/pull/475 added

#4 Updated by Julian Todt 8 months ago

#5 Updated by The Foreman Bot 7 months ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5580 added

#6 Updated by Julian Todt 7 months ago

  • Related to Feature #23626: Move PuppetCA autosigning to build queue added

#7 Updated by Timo Goebel 6 months ago

  • Legacy Backlogs Release (now unused) set to 353

#8 Updated by Timo Goebel 6 months ago

  • Pull request deleted (https://github.com/theforeman/foreman/pull/5465)

#9 Updated by Timo Goebel 6 months ago

  • Subject changed from PuppetCA: Token Based Autosigning to PuppetCA: Move autosign to build queue

#10 Updated by Timo Goebel 6 months ago

  • Legacy Backlogs Release (now unused) deleted (353)
  • Subject changed from PuppetCA: Move autosign to build queue to PuppetCA: Token Based Autosigning
  • Pull request deleted (https://github.com/theforeman/foreman/pull/5580)

#11 Updated by The Foreman Bot 6 months ago

  • Pull request https://github.com/theforeman/foreman/pull/5730 added

#12 Updated by Timo Goebel 3 months ago

  • Fixed in Releases 1.20.0 added

#13 Updated by Julian Todt 3 months ago

  • Status changed from Ready For Testing to Closed

#14 Updated by Michael Moll 3 months ago

  • Related to Bug #24993: migration broken on nightly mysql added

Also available in: Atom PDF