Puppet users - Dec 2013 - How to reject agent (node) certificate request

Hi,

I am using open source puppet.

How can i reject a certificate request generated by agent on the master.

I can see the cert request in :

puppet cert list

However i wish to reject the request so that next time i run the same 
command, i dont see the garbage(unwanted requests)

I know this can be done in PE, not sure how to do this from command line!

-Kaustubh

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/34863a4d-3757-4d34-a4d3-81e84cf20eb0%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Hi,

have you tried using puppet cert clean for this as well?

According to the docs, it removes all files. This would include the
unwanted CSR.

HTH,
Felix

On 12/04/2013 02:44 PM, kaustubh chaudhari wrote:
> Hi,
> 
> I am using open source puppet.
> 
> How can i reject a certificate request generated by agent on the master.
> 
> I can see the cert request in :
> 
> puppet cert list
> 
> However i wish to reject the request so that next time i run the same
> command, i dont see the garbage(unwanted requests)
> 
> I know this can be done in PE, not sure how to do this from command line!
> 
> -Kaustubh
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52A1AAE2.1030601%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.

Hey Felix,

Yes i have tried that!

puppet cert clean will work only for the accepted CSR. The only way i see 
is to accept it and then clean it! But this is not right way to do it!

-Kaustubh


On Friday, December 6, 2013 5:45:54 AM UTC-5, Felix.Frank
wrote:
>
> Hi, 
>
> have you tried using puppet cert clean for this as well? 
>
> According to the docs, it removes all files. This would include the 
> unwanted CSR. 
>
> HTH, 
> Felix 
>
> On 12/04/2013 02:44 PM, kaustubh chaudhari wrote: 
> > Hi, 
> > 
> > I am using open source puppet. 
> > 
> > How can i reject a certificate request generated by agent on the
master.
> > 
> > I can see the cert request in : 
> > 
> > puppet cert list 
> > 
> > However i wish to reject the request so that next time i run the same 
> > command, i dont see the garbage(unwanted requests) 
> > 
> > I know this can be done in PE, not sure how to do this from command 
> line! 
> > 
> > -Kaustubh 
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/f712fd8a-6608-427b-9e6d-970d963530d8%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

You can always throw away the CSR file manually, but that''s obviously
less than ideal.

If nobody pipes up with a correct answer, you may want to check Redmine
for an open feature request and vote on that, or open a new one if none
can be found.

Regards,
Felix

On 12/06/2013 01:46 PM, kaustubh chaudhari wrote:
> 
> Hey Felix,
> 
> Yes i have tried that!
> 
> puppet cert clean will work only for the accepted CSR. The only way i
> see is to accept it and then clean it! But this is not right way to do it!
> 
> -Kaustubh
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52A1CB77.90205%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.

Did you try the puppet node clean and puppet node deactivate functions?

Pat



On Fri, Dec 6, 2013 at 8:04 AM, Felix Frank
<felix.frank@alumni.tu-berlin.de
> wrote:
> You can always throw away the CSR file manually, but that''s
obviously
> less than ideal.
>
> If nobody pipes up with a correct answer, you may want to check Redmine
> for an open feature request and vote on that, or open a new one if none
> can be found.
>
> Regards,
> Felix
>
> On 12/06/2013 01:46 PM, kaustubh chaudhari wrote:
> >
> > Hey Felix,
> >
> > Yes i have tried that!
> >
> > puppet cert clean will work only for the accepted CSR. The only way i
> > see is to accept it and then clean it! But this is not right way to do
> it!
> >
> > -Kaustubh
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscribe@googlegroups.com.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/puppet-users/52A1CB77.90205%40alumni.tu-berlin.de
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAHFDuXkopEnMHRjx_G9JtuorezvsdhRS746P0NMO1mWtFHQcUQ%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Have you tried

puppet cert revoke <hostname>

(see puppet help cert for the man page)

hth

Johan


On 12/06/2013 02:04 PM, Felix Frank wrote:
> You can always throw away the CSR file manually, but that''s
obviously
> less than ideal.
>
> If nobody pipes up with a correct answer, you may want to check Redmine
> for an open feature request and vote on that, or open a new one if none
> can be found.
>
> Regards,
> Felix
>
> On 12/06/2013 01:46 PM, kaustubh chaudhari wrote:
>> Hey Felix,
>>
>> Yes i have tried that!
>>
>> puppet cert clean will work only for the accepted CSR. The only way i
>> see is to accept it and then clean it! But this is not right way to do
it!
>>
>> -Kaustubh

-- 
Johan De Wit

Open Source Consultant

Red Hat Certified Engineer         (805008667232363)
Puppet Certified Professional 2013 (PCP0000006)
_________________________________________________________
  
Open-Future                 Phone     +32 (0)2/255 70 70
Zavelstraat 72              Fax       +32 (0)2/255 70 71
3071 KORTENBERG             Mobile    +32 (0)474/42 40 73
BELGIUM                     http://www.open-future.be
_________________________________________________________
  

Next Events:
Puppet Fundamentals Training |
http://www.open-future.be/puppet-fundamentals-training-10-till-12th-december
Puppet Advanced Training |
http://www.open-future.be/puppet-advanced-training-7-till-9th-january
Puppet Fundamentals Training |
http://www.open-future.be/puppet-fundamentals-training-4-till-6th-february
Subscribe to our newsletter | http://eepurl.com/BUG8H

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52A1D48E.3060003%40open-future.be.
For more options, visit https://groups.google.com/groups/opt_out.

Hi John and Patrick!

I havent tried puppet cert revoke - i will try that and reproduce if the 
issue persists.

Yes i have tried puppet node clean and puppet node deactivate, but the 
moment PuppetDB receives the request .. it update the facts and reports to 
the same. I do understand this is a normal behavior, we need to purge the 
node from DB to avoid this.

-Kaustubh 

On Friday, December 6, 2013 8:30:03 AM UTC-5, Patrick Ethier
wrote:
>
> Did you try the puppet node clean and puppet node deactivate functions?
>
> Pat
>
>
>
> On Fri, Dec 6, 2013 at 8:04 AM, Felix Frank
<felix...@alumni.tu-berlin.de<javascript:>
> > wrote:
>
>> You can always throw away the CSR file manually, but that''s
obviously
>> less than ideal.
>>
>> If nobody pipes up with a correct answer, you may want to check Redmine
>> for an open feature request and vote on that, or open a new one if none
>> can be found.
>>
>> Regards,
>> Felix
>>
>> On 12/06/2013 01:46 PM, kaustubh chaudhari wrote:
>> >
>> > Hey Felix,
>> >
>> > Yes i have tried that!
>> >
>> > puppet cert clean will work only for the accepted CSR. The only
way i
>> > see is to accept it and then clean it! But this is not right way
to do
>> it!
>> >
>> > -Kaustubh
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send
an
>> email to puppet-users...@googlegroups.com <javascript:>.
>> To view this discussion on the web visit 
>>
https://groups.google.com/d/msgid/puppet-users/52A1CB77.90205%40alumni.tu-berlin.de
>> .
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/bd4cb340-5043-4cf8-8143-a1d89cc72852%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.