Project

General

Profile

Bug #3222

Disabling UUID certificates leaves UUID certname in place on newly created hosts

Added by Dominic Cleal almost 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
PuppetCA
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Expected:

Enable use_uuid_for_certificates
Create a host
Host has a UUID now
Set host to Build, pull the host's template, watch the certname UUID value be added to the Puppet Autosign file.
... realize that uuid certificates aren't right for your organization ...
Disable use_uuid_for_certificates
Set host to Build, pull the host's template, watch the certname hostname value be added to the autosign file.

Actual:

Set host to Build, pull the host's template, watch the certname UUID value be added to the Puppet Autosign file.
Watch as your Puppet run fails to get a certificate because the client has submitted a certificate request using its hostname now.

https://github.com/theforeman/foreman/pull/925


Related issues

Related to Foreman - Feature #3223: Warn the user of impact of disabling UUID certificatesNew2013-10-09
Related to Foreman - Bug #3541: ec2 provisioning failure in setSSHProvision (when no CA available?)Closed2013-10-29
Related to Foreman - Bug #6566: renaming a node does not change the certnameClosed2014-07-10

Associated revisions

Revision 943a133a (diff)
Added by Dominic Cleal almost 9 years ago

refs #3222 - document use_uuid_for_certificates and disable behaviour

Revision 89e506f7 (diff)
Added by Aaron Stone almost 9 years ago

fixes #3222 - nil the certname when handling certs if UUID certs have now been disabled

Revision cdf083d1 (diff)
Added by Aaron Stone almost 9 years ago

fixes #3222 - nil the certname when handling certs if UUID certs have now been disabled

(cherry picked from commit 89e506f7d955b4b440725fb5ef412fb2634cd762)

History

#1 Updated by Dominic Cleal almost 9 years ago

  • Related to Tracker #3112: [TRACKER] Issues to be released in 1.3 RC or final added

#2 Updated by Dominic Cleal almost 9 years ago

  • Related to Feature #3223: Warn the user of impact of disabling UUID certificates added

#3 Updated by Anonymous almost 9 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Lukas Zapletal almost 9 years ago

  • Related to deleted (Tracker #3112: [TRACKER] Issues to be released in 1.3 RC or final)

#5 Updated by Dominic Cleal almost 9 years ago

  • Related to Bug #3541: ec2 provisioning failure in setSSHProvision (when no CA available?) added

#6 Updated by Dominic Cleal about 8 years ago

  • Related to Bug #6566: renaming a node does not change the certname added

Also available in: Atom PDF