Feature #23210
PuppetCA: Token Based Autosigning
Difficulty:
Triaged:
No
Description
For idea and discussion, see https://community.theforeman.org/t/puppetca-orchestration-the-future-of-autosigning/8712 and https://github.com/theforeman/rfcs/pull/7/files
Todo:
- Remove previous autosigning functionality from foreman (mainly Host::Managed.handle_ca)
- Add a PuppetCA-Token to Host-Parameters
- Place token on host during provisioning
- Add api endpoint to validate tokens
Related issues
Associated revisions
Refs #23210 - Provision PuppetCA-Token on Host
Adds the PuppetCA-Token that is generated by Foreman
on Host-Creation in puppet's csr_attributes.yaml,
so it is included in puppet's CSR to be verified.
History
#1
Updated by Julian Todt almost 5 years ago
- Related to Feature #23211: PuppetCA: Token Based Autosigning added
#2
Updated by The Foreman Bot almost 5 years ago
- Pull request https://github.com/theforeman/foreman/pull/5465 added
#3
Updated by The Foreman Bot almost 5 years ago
- Pull request https://github.com/theforeman/community-templates/pull/475 added
#4
Updated by Julian Todt almost 5 years ago
- Related to Feature #23477: PuppetCA: Token Based Autosigning added
#5
Updated by The Foreman Bot almost 5 years ago
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/5580 added
#6
Updated by Julian Todt almost 5 years ago
- Related to Feature #23626: Move PuppetCA autosigning to build queue added
#7
Updated by Timo Goebel almost 5 years ago
- Legacy Backlogs Release (now unused) set to 353
#8
Updated by Timo Goebel almost 5 years ago
- Pull request deleted (
https://github.com/theforeman/foreman/pull/5465)
#9
Updated by Timo Goebel almost 5 years ago
- Subject changed from PuppetCA: Token Based Autosigning to PuppetCA: Move autosign to build queue
#10
Updated by Timo Goebel almost 5 years ago
- Legacy Backlogs Release (now unused) deleted (
353) - Subject changed from PuppetCA: Move autosign to build queue to PuppetCA: Token Based Autosigning
- Pull request deleted (
https://github.com/theforeman/foreman/pull/5580)
#11
Updated by The Foreman Bot almost 5 years ago
- Pull request https://github.com/theforeman/foreman/pull/5730 added
#12
Updated by Timo Goebel over 4 years ago
- Fixed in Releases 1.20.0 added
#13
Updated by Julian Todt over 4 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset 30face9f4cc1f6dce2be6bfa8290e1922d0bf26b.
#14
Updated by Anonymous over 4 years ago
- Related to Bug #24993: migration broken on nightly mysql added
Fixes #23210 - Handle PuppetCA tokens
In a new SmartProxy PuppetCA autosigning variant
tokens get returned that need to be provisioned on
the host.