The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #7637

puppet generate certificate fails b/c it calls save csr twice

Added by Dan Bode almost 3 years ago. Updated almost 3 years ago.

Status:In Topic Branch Pending ReviewStart date:05/23/2011
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-
Affected Puppet version: Branch:https://github.com/bodepd/puppet/tree/issue/2.7.x/7637_creates_csr_twice
Keywords:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com

This ticket may be automatically exported to the PUP project on JIRA using the button below:


Description

When trying to generate the certificate for a node, I get the following error:

$ puppet certificate generate blahtest2 --ca-location remote
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
err: Error 400 on SERVER: blahtest2 already has a requested certificate; ignoring certificate request
err: Try 'puppet help certificate generate' for usage

this appears to be b/c it tries to send the certificate request twice

on the master:

err: Could not resolve 192.168.161.1: no name for 192.168.161.1
info: access[^/catalog/([^/]+)$]: allowing 'method' find
info: access[^/catalog/([^/]+)$]: allowing $1 access
info: access[^/node/([^/]+)$]: allowing 'method' find
info: access[^/node/([^/]+)$]: allowing $1 access
info: access[/certificate_revocation_list/ca]: allowing 'method' find
info: access[/certificate_revocation_list/ca]: allowing * access
info: access[/report]: allowing 'method' save
info: access[/report]: allowing * access
info: access[/file]: allowing * access
info: access[/certificate/ca]: adding authentication no
info: access[/certificate/ca]: allowing 'method' find
info: access[/certificate/ca]: allowing * access
info: access[/certificate/]: adding authentication no
info: access[/certificate/]: allowing 'method' find
info: access[/certificate/]: allowing * access
info: access[/certificate_request]: adding authentication no
info: access[/certificate_request]: allowing 'method' find
info: access[/certificate_request]: allowing 'method' save
info: access[/certificate_request]: allowing * access
info: access[/facts/search]: adding authentication any
info: access[/facts/search]: allowing 'method' search
info: access[/facts/search]: allowing * access
info: access[/inventory]: allowing 'method' search
info: access[/inventory]: allowing dashboard access
info: access[/certificate_status]: allowing 'method' save
info: access[/certificate_status]: adding authentication yes
info: access[/certificate_status]: allowing * access
info: access[/]: adding authentication any
info: access[/]: allowing * access
info: Inserting default '/status'(auth) ACL because none were found in '/etc/puppet/auth.conf'
notice: blahtest2 has a waiting certificate request
err: Could not resolve 192.168.161.1: no name for 192.168.161.1
/usr/local/dev/puppet/lib/puppet/indirector/certificate_request/ca.rb:14:in `save'
/usr/local/dev/puppet/lib/puppet/indirector/indirection.rb:264:in `save'
/usr/local/dev/puppet/lib/puppet/ssl/certificate_request.rb:12:in `save'
/usr/local/dev/puppet/lib/puppet/network/http/handler.rb:164:in `do_save'
/usr/local/dev/puppet/lib/puppet/network/http/handler.rb:68:in `send'
/usr/local/dev/puppet/lib/puppet/network/http/handler.rb:68:in `process'
/usr/local/dev/puppet/lib/puppet/network/http/webrick/rest.rb:24:in `service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
/usr/local/dev/puppet/lib/puppet/network/http/webrick.rb:45:in `listen'
/usr/lib/ruby/1.8/webrick/server.rb:173:in `call'
/usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:95:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `each'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:23:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:82:in `start'
/usr/local/dev/puppet/lib/puppet/network/http/webrick.rb:42:in `listen'
/usr/local/dev/puppet/lib/puppet/network/http/webrick.rb:41:in `initialize'
/usr/local/dev/puppet/lib/puppet/network/http/webrick.rb:41:in `new'
/usr/local/dev/puppet/lib/puppet/network/http/webrick.rb:41:in `listen'
/usr/lib/ruby/1.8/thread.rb:135:in `synchronize'
/usr/local/dev/puppet/lib/puppet/network/http/webrick.rb:38:in `listen'
/usr/local/dev/puppet/lib/puppet/network/server.rb:127:in `listen'
/usr/local/dev/puppet/lib/puppet/network/server.rb:142:in `start'
/usr/local/dev/puppet/lib/puppet/daemon.rb:124:in `start'
/usr/local/dev/puppet/lib/puppet/application/master.rb:192:in `main'
/usr/local/dev/puppet/lib/puppet/application/master.rb:134:in `run_command'
/usr/local/dev/puppet/lib/puppet/application.rb:307:in `run'
/usr/local/dev/puppet/lib/puppet/application.rb:411:in `hook'
/usr/local/dev/puppet/lib/puppet/application.rb:307:in `run'
/usr/local/dev/puppet/lib/puppet/application.rb:402:in `exit_on_fail'
/usr/local/dev/puppet/lib/puppet/application.rb:307:in `run'
/usr/local/dev/puppet/lib/puppet/util/command_line.rb:62:in `execute'
/usr/local/dev/puppet/bin/puppet:4
err: blahtest2 already has a requested certificate; ignoring certificate request

you can see in the puppet master logs, that it tries to authenticate two separate calls from the client.

History

#1 Updated by Zach Leslie almost 3 years ago

  • Status changed from Unreviewed to Accepted

#2 Updated by Dan Bode almost 3 years ago

  • Status changed from Accepted to In Topic Branch Pending Review
  • Branch set to https://github.com/bodepd/puppet/tree/issue/2.7.x/7637_creates_csr_twice

Also available in: Atom PDF