Is hostprivkey used in any way in puppet?

asked 2017-10-31 06:37:31 -0600

As we were going through our masters' puppet.conf the other day we noticed the hostprivkey and hostcert settings set in the [master] section. This is some pretty old configuration that we've been very slowly (very!!!) updating, since the same puppetmaster configuration is being used across more than one environment and department (each hosting their own puppetmasters - we value code reuse - maybe a bit too much). So, it turns out we have had these settings set since the puppet 0.24.x something days.

As we were reevaluating them, we realized that by mistake we had them set to non-existing files for about a year now with absolutely no ill effect. After some code reading [1], we think that hostprivkey is utterly unused. Setting it either in [master], [agent] or [main] has absolutely no effect. hostcert seems to be used in 2 places. One is during puppet cert generate [2] and the other is when creating the http connection to the master [3] (note how ssl_certificates_are_present? is used in setup_connection() in line 120). Setting it in [main] or [agent] to /dev/null in an already functioning agent has no effect. Setting it to a non-existing file causes the agent to croak with SSL errors (at least that's expected). Setting it to anything in [master] on a master does nothing.

All other references to those 2 settings seem to have been removed in https://github.com/puppetlabs/puppet/..., which was first released in 2.7.6 (yup.. that old).

So... finally the question: Has anyone messed with these settings and has some more info that would help clarify this a bit more and whether we should file a task upstream?

[1] https://github.com/puppetlabs/puppet/...

[2] https://github.com/puppetlabs/puppet/...

[3] https://github.com/puppetlabs/puppet/...
