The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com
Puppet cert generate subcommand does not exit with non-zero status when certificate is not created
|Assignee:||Jeff McCune||% Done:|
|Affected Puppet version:||2.7.12||Branch:||https://github.com/puppetlabs/puppet/pull/839|
|Keywords:||cert generate dns_alt_names alternate x509 x.509|
Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com
puppet cert generate foo.example.com --dns_alt_names foo,bar,foo.example.com the command fails but the exit status is 0, indicating success.
An exit status of 0 should only be returned on successful generation of the certificate.
When the command fails, the exit status is 0.
Steps to reproduce¶
Given 2.7.12 (Puppet Enterprise 2.5.1)
root@pe-centos6:~# puppet cert generate pe-internal-broker-test --dns_alt_names stomp,pe-centos6,pe-centos6.puppetlabs.vm notice: pe-internal-broker-test has a waiting certificate request err: Could not call generate: CSR 'pe-internal-broker-test' contains subject alternative names (DNS:pe-centos6, DNS:pe-centos6.puppetlabs.vm, DNS:pe-internal-broker-test, DNS:stomp), which are disallowed. Use `puppet cert --allow-dns-alt-names sign pe-internal-broker-test` to sign this request. root@pe-centos6:~# echo $? 0
#2 Updated by Jeff McCune over 2 years ago
Bit of background on catching the exception at the interface layer: