Topics

Updates to CA command line interaction in Puppet 6

Maggie Dreyer <maggie@...>
 

Hello!

As you may know, we are about to release Puppet 6. This release contains a major update to the command line tools that are used to interact with Puppet's CA and certificates. The update makes the commands much faster and more reliable, removes duplication, and makes the interface easier to understand. However, this means that some scripts and workflows will have to be updated.

What is getting removed:
* puppet cert
* puppet ca
* puppet certificate
* puppet certificate_request
*puppet certificate_revocation_list

What is new:
* puppetserver ca (for CA tasks like signing and revoking certs)
* puppet ssl (for agent-side tasks like submitting a CSR and fetching a cert, though these steps will still usually be taken care of by an agent run)

We have been making updates to beaker and various test suites to account for this change. If you use Beaker to do any CA or certificate interaction in your tests, you will need to make some updates to test against Puppet 6:
1) Update to Beaker 4 and beaker-puppet 1. The latest release of both of these projects contains updates for these CA changes. Details.
2) Update any tests or pre-suites that use one of the removed commands to use the equivalent new command instead. For details, invoke `puppet cert` in Puppet 6 for help output containing the mapping of old commands to new alternatives. We will have docs pages up soon with this info.

The most recent Puppet 6 builds on puppet nightlies have these updates if you would like to try them out ahead of the release.

Please feel free to reach out to us if you have any further questions or feedback.

Thanks!