0

request certificate: unexpected attributes

asked 2016-10-24 20:46:10 -0500

PJ

Hello,

I'm trying to add some attributes to the CSR with this reference: https://docs.puppet.com/puppet/latest...filecsr_attributes.html

cat > /etc/puppetlabs/puppet/csr_attributes.yaml << YAML
extension_requests:
pp_instance_id: $(curl -s http://169.254.169.254/latest/meta-da...)
pp_image_name: $(curl -s http://169.254.169.254/latest/meta-da...)
1.3.6.1.4.1.34380.1.1.18: $(curl -s http://169.254.169.254/latest/meta-da... | sed 's/.$//')
pp_role: ‘testagent’
YAML

After making this file, when I run "puppet agent -t" I get this error:

Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Error: Could not request certificate: unexpected attributes ["pp_instance_id", "pp_image_name", "1.3.6.1.4.1.34380.1.1.18", "pp_role"] in "/etc/puppetlabs/puppet/csr_attributes.yaml"
Exiting; failed to retrieve certificate and waitforcert is disabled


2 Answers

1

answered 2016-10-25 09:52:52 -0500

aharden

The formatting in your question may be obscuring what you're trying to share with us. I have a successful recipe for CSR attributes generation on AWS EC2 Linux instances shared here: aharden-aws_ec2 on GitHub. It's an ERB template that builds a userdata script, but here are some relevant lines:

MD="http://169.254.169.254/latest/meta-data/"
AWS_INSTANCE_ID=$(curl -fs $MD/instance-id)
PP_INSTANCE_ID="${AWS_INSTANCE_ID}"
PP_IMAGE_NAME=$(curl -s http://169.254.169.254/latest/meta-data/ami-id)
AVAILABILITY_ZONE=$(curl -fs $MD/placement/availability-zone)
EC2_REGION=${AVAILABILITY_ZONE::-1}
[...]
function write_csr_attributes () {
  if [ ! -d /etc/puppetlabs/puppet ]; then
    mkdir -p /etc/puppetlabs/puppet
  fi
  cat > /etc/puppetlabs/puppet/csr_attributes.yaml << YAML
extension_requests:
  pp_instance_id: $PP_INSTANCE_ID
  pp_image_name: $PP_IMAGE_NAME
  1.3.6.1.4.1.34380.1.1.18: $EC2_REGION
  1.3.6.1.4.1.34380.1.1.20: $AVAILABILITY_ZONE
[...]
YAML
}
[...]
write_csr_attributes

Note the mixed use of attribute names and OID numbers, and the two-space indent in the file. There's a great white paper on this subject: https://puppet.com/resources/white-pa....

0

answered 2016-10-25 11:57:44 -0500

PJ

updated 2016-10-25 11:59:38 -0500

Yeah, formatting was messed up. Thanks for the reply. The problem was I was missing space here:

extension_requests:
<>pp_instance_id: $PP_INSTANCE_ID
<> pp_image_name: $PP_IMAGE_NAME
<>1.3.6.1.4.1.34380.1.1.18: $EC2_REGION
<>1.3.6.1.4.1.34380.1.1.20: $AVAILABILITY_ZONE

Comments

Great! Could you please mark my answer as correct/helpful?

aharden ( 2016-10-25 13:19:21 -0500 )
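A pre-flight check for the failure discussed in this thread, as an added example that is not part of the original posts or of Puppet's own code: it parses the text of csr_attributes.yaml and reports keys that ended up at the top level instead of indented under a section. The helper name, the sample values, and the two extra checks (a section with no entries, an entry with a blank value) are assumptions of this example; `custom_attributes` is the other top-level key Puppet accepts in this file.

```ruby
require 'yaml'

# The only top-level keys Puppet accepts in csr_attributes.yaml.
ALLOWED_TOP_LEVEL = %w[custom_attributes extension_requests].freeze

# Hypothetical helper: returns a list of problems, empty when the file is usable.
def csr_attributes_problems(yaml_text)
  data = YAML.safe_load(yaml_text) || {}
  return ["expected a mapping, got #{data.class}"] unless data.is_a?(Hash)

  problems = []
  # Keys that lost their indent land here and trigger "unexpected attributes".
  stray = data.keys.map(&:to_s) - ALLOWED_TOP_LEVEL
  problems << "unexpected top-level keys #{stray.inspect}" unless stray.empty?

  ALLOWED_TOP_LEVEL.each do |section|
    next unless data.key?(section)
    entries = data[section]
    unless entries.is_a?(Hash)
      # Extra check (assumption of this example): a bare section header.
      problems << "#{section} has no indented entries"
      next
    end
    # Extra check: a failed metadata lookup leaves the value blank.
    entries.each { |k, v| problems << "#{section}.#{k} is empty" if v.to_s.strip.empty? }
  end
  problems
rescue Psych::Exception => e
  ["YAML could not be loaded: #{e.message}"]
end

# Constructed samples: the flat layout from the question, then the
# two-space layout from the answer.
BROKEN = <<~YAML
  extension_requests:
  pp_instance_id: i-0123456789abcdef0
  pp_image_name: ami-0123456789abcdef0
  1.3.6.1.4.1.34380.1.1.18: us-east-1
YAML

FIXED = <<~YAML
  extension_requests:
    pp_instance_id: i-0123456789abcdef0
    pp_image_name: ami-0123456789abcdef0
    1.3.6.1.4.1.34380.1.1.18: us-east-1
YAML

puts csr_attributes_problems(BROKEN).inspect, csr_attributes_problems(FIXED).inspect if __FILE__ == $PROGRAM_NAME
```

Running it against the generated file before `puppet agent -t` catches the layout problem, and a blank value from a failed metadata lookup, before a certificate request is submitted.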


Stats

Asked: 2016-10-24 20:46:10 -0500

Seen: 77 times

Last updated: Oct 25 '16