Bug 1788547 - [RFE] Auto-generate and send puppet certificates if the hostname of the new host is same as the old one.
Summary: [RFE] Auto-generate and send puppet certificates if the hostname of the new h...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Puppet
Version: 6.5.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Vladimír Sedmík
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-01-07 13:36 UTC by Vedashree Deshpande
Modified: 2023-03-24 16:38 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-01-17 19:42:29 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Vedashree Deshpande 2020-01-07 13:36:06 UTC 
Description of problem:
The automatic receipt of a certificate by another server with the same name.  Any server with the same hostname and IP address to automatically receive a puppet certificate from puppet master.

Version-Release number of selected component (if applicable):
Satellite 6. 

Actual results:
We do not have such functionality. 

Expected results:
When a new host is registered with the same hostname as old host which is deleted from the satellite, should get the certificate automatically without having to request it. 

Additional info:
NA
Comment 4 Rich Jerrido 2020-01-17 19:42:29 UTC 
If you wish to rebuild a system, it is expected to 

- delete the host completely from Satellite and either
- reprovision it with Satellite (which creates a new Puppet cert for the host that will be delivered on the first puppet run) OR setup autosigning

Reusing puppet certs is bad security practice. (How does Satellite know that the host with the 'right' hostname is 'correct')
Note You need to log in before you can comment on or make changes to this bug.