FAQ
Hi,

I'm trying to create an autosign policy which checks for a custom attribute
in the CSR but I'm having some issue with the master not signing the
request.

My client has the following in /etc/puppet/csr_attributes.yaml

custom_attributes:
   1.2.840.113549.1.9.7: foo


My policy is a simple bash script, in this case checking for foo

#!/bin/bash

CUSTOM_ATTR=$(echo "$(cat)" | grep "challengePassword" | awk -F ":"
'{print$2}')

if [[ "$CUSTOM_ATTR" == "foo" ]]
then
    exit 0
else
    exit 1
fi

I had tested with the following, I'm guessing the issue is with my script
not reading in the CSR from puppet? If anyone has any examples of policies
they have created I would love to see them (this seems to be lacking in the
puppet documentation).

sudo openssl req -noout -text -in
/var/lib/puppet/ssl/ca/requests/mynode.pem | /etc/puppet/autosign.sh; echo
$?


Many thanks,
George

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/30d1d249-b648-4eb2-be32-1578f6118705%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

Discussion Posts

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 1 of 2 | next ›
Discussion Overview
grouppuppet-users @
categoriespuppet
postedFeb 17, '14 at 2:20p
activeFeb 17, '14 at 2:59p
posts2
users1
websitepuppetlabs.com

1 user in discussion

George Brown: 2 posts

People

Translate

site design / logo © 2022 Grokbase