From e685f3a8158db9c575ceb783a710774de5a34cd5 Mon Sep 17 00:00:00 2001 From: Josh Cooper Date: Thu, 13 Jun 2019 15:16:39 -0700 Subject: [PATCH 1/2] (BKR-1598) Set server setting in main section To ensure individual tests don't need to set `--server ` set it in the presuite for all types (git, aio, etc). Note Host#hostname is the same as Host#to_s, but I chose the former for its explicitness. --- setup/common/040_ValidateSignCert.rb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/setup/common/040_ValidateSignCert.rb b/setup/common/040_ValidateSignCert.rb index ae5ae2de..cf7e654e 100644 --- a/setup/common/040_ValidateSignCert.rb +++ b/setup/common/040_ValidateSignCert.rb @@ -19,6 +19,11 @@ on(host, "rm -rf '#{ssldir}/*'") end + step "Set 'server' setting" + hosts.each do |host| + on(host, puppet("config set server #{master.hostname} --section main")) + end + step "Start puppetserver" do master_opts = { main: { @@ -36,7 +41,7 @@ next if agent == master step "Agents: Run agent --test first time to gen CSR" - on agent, puppet("agent --test --server #{master}"), :acceptable_exit_codes => [1] + on agent, puppet("agent --test"), :acceptable_exit_codes => [1] end # Sign all waiting agent certs @@ -48,7 +53,7 @@ end step "Agents: Run agent --test second time to obtain signed cert" - on agents, puppet("agent --test --server #{master}"), :acceptable_exit_codes => [0,2] + on agents, puppet("agent --test"), :acceptable_exit_codes => [0,2] end end end From 252a2133ef31f81dd1b01ca70813caf6f5d2b94a Mon Sep 17 00:00:00 2001 
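Review bot: In the first hunk, `step "Set 'server' setting"` is written without a `do` block, unlike `step "Start puppetserver" do` directly below it, so the `hosts.each` loop is not scoped to the step; I'd write `step "Set 'server' setting" do` … `end` to match. The loop persists `server = #{master.hostname}` in `[main]` on every host, and the later hunks that drop `--server #{master}` from the `agent --test` calls rely on it. Agents then verify the server certificate against that name, so it has to be one of the master's `dns_alt_names`. Whether the `hostname` used there is the same value as `master.hostname` is not visible in these hunks, so a comment such as `# master.hostname must be covered by dns_alt_names on the master cert` above the loop would record the dependency.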
From: Josh Cooper Date: Thu, 13 Jun 2019 15:19:58 -0700 Subject: [PATCH 2/2] (maint) Enable autosigning bootstrap agent certs Enable autosigning for this step only, so that `puppet agent -t` will submit the CSR and retrieve the signed cert automatically. The master host should already have a client cert, so running `puppet agent -t` should be a noop. --- setup/common/040_ValidateSignCert.rb | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/setup/common/040_ValidateSignCert.rb b/setup/common/040_ValidateSignCert.rb index cf7e654e..541df005 100644 --- a/setup/common/040_ValidateSignCert.rb +++ b/setup/common/040_ValidateSignCert.rb @@ -28,7 +28,8 @@ master_opts = { main: { dns_alt_names: "puppet,#{hostname},#{fqdn}", - server: fqdn + server: fqdn, + autosign: true }, } @@ -37,22 +38,7 @@ on master, 'puppetserver ca setup' end with_puppet_running_on(master, master_opts) do - agents.each do |agent| - next if agent == master - - step "Agents: Run agent --test first time to gen CSR" - on agent, puppet("agent --test"), :acceptable_exit_codes => [1] - end - - # Sign all waiting agent certs - step "Server: sign all agent certs" - if version_is_less(puppet_version, "5.99") - on master, puppet("cert sign --all"), :acceptable_exit_codes => [0, 24] - else - on master, 'puppetserver ca sign --all', :acceptable_exit_codes => [0, 24] - end - - step "Agents: Run agent --test second time to obtain signed cert" + step "Agents: Run agent --test with autosigning enabled to get cert" on agents, puppet("agent --test"), :acceptable_exit_codes => [0,2] end end
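Review bot: `autosign: true` in `main` enables naive autosigning, so while puppetserver runs inside `with_puppet_running_on` the CA signs a CSR from any host that can reach it, not only the `agents` of this run. The commit message says this is meant for the bootstrap step only, but nothing in the code records that; add a comment above the key, e.g. `# test-only: naive autosigning for the cert bootstrap step, never copy into a real puppet.conf`. If this presuite can run where other machines reach the master, pointing `autosign` at an allowlist file holding the agents' certnames would be narrower than `true`. The next hunk also removes the explicit sign step, so nothing visible here checks the set of signed certs against the expected agents afterwards. `master_opts` and the `with_puppet_running_on` block both extend outside these hunks.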