Project

General

Profile

Feature #23210

PuppetCA: Token Based Autosigning

Added by Julian Todt almost 5 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Julian Todt
Category:
PuppetCA
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/5730, https://github.com/theforeman/community-templates/pull/475
Fixed in Releases:
1.20.0
Found in Releases:
Red Hat JIRA:

Description

For idea and discussion, see https://community.theforeman.org/t/puppetca-orchestration-the-future-of-autosigning/8712 and https://github.com/theforeman/rfcs/pull/7/files

Todo:
- Remove previous autosigning functionality from foreman (mainly Host::Managed.handle_ca)
- Add a PuppetCA-Token to Host-Parameters
- Place token on host during provisioning
- Add api endpoint to validate tokens

Related issues

Related to Smart Proxy - Feature #23211: PuppetCA: Token Based AutosigningClosed
Related to Installer - Feature #23477: PuppetCA: Token Based AutosigningNew
Related to Foreman - Feature #23626: Move PuppetCA autosigning to build queueClosed2018-05-17
Related to Foreman - Bug #24993: migration broken on nightly mysqlClosed

Associated revisions

Revision 30face9f (diff)
Added by Julian Todt over 4 years ago

Fixes #23210 - Handle PuppetCA tokens

In a new SmartProxy PuppetCA autosigning variant
tokens get returned that need to be provisioned on
the host.

Revision c24aeb2b (diff)
Added by Julian Todt over 4 years ago

Refs #23210 - Provision PuppetCA-Token on Host

Adds the PuppetCA-Token that is generated by Foreman
on Host-Creation in puppet's csr_attributes.yaml,
so it is included in puppet's CSR to be verified.

History

#1 Updated by Julian Todt almost 5 years ago

#2 Updated by The Foreman Bot almost 5 years ago

  • Pull request https://github.com/theforeman/foreman/pull/5465 added

#3 Updated by The Foreman Bot almost 5 years ago

  • Pull request https://github.com/theforeman/community-templates/pull/475 added

#4 Updated by Julian Todt almost 5 years ago

#5 Updated by The Foreman Bot almost 5 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5580 added

#6 Updated by Julian Todt almost 5 years ago

  • Related to Feature #23626: Move PuppetCA autosigning to build queue added

#7 Updated by Timo Goebel almost 5 years ago

  • Legacy Backlogs Release (now unused) set to 353

#8 Updated by Timo Goebel almost 5 years ago

  • Pull request deleted (https://github.com/theforeman/foreman/pull/5465)

#9 Updated by Timo Goebel almost 5 years ago

  • Subject changed from PuppetCA: Token Based Autosigning to PuppetCA: Move autosign to build queue

#10 Updated by Timo Goebel almost 5 years ago

  • Legacy Backlogs Release (now unused) deleted (353)
  • Subject changed from PuppetCA: Move autosign to build queue to PuppetCA: Token Based Autosigning
  • Pull request deleted (https://github.com/theforeman/foreman/pull/5580)

#11 Updated by The Foreman Bot almost 5 years ago

  • Pull request https://github.com/theforeman/foreman/pull/5730 added

#12 Updated by Timo Goebel over 4 years ago

  • Fixed in Releases 1.20.0 added

#13 Updated by Julian Todt over 4 years ago

  • Status changed from Ready For Testing to Closed

#14 Updated by Anonymous over 4 years ago

  • Related to Bug #24993: migration broken on nightly mysql added

Also available in: Atom PDF