Closed sjorge closed 8 years ago
mine.get call done manually from 2016.11.0rc1 minion
[root@isotope /var/log/salt]# salt-call mine.get cronos x509.get_pem_entries
local:
----------
cronos:
----------
/salt/pki/ca.crt:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
On a side note, my setup at least at the core is the same as the one described in the state.x509 docs about setting up a ca and signing via salt.
I assume more setups will be broken than just mine.
I traced it to state.x509 passing a text blob (from the state yaml) that has newlines stripped. The odd thing is that mine.get does return it with the newlines in place.
Debugging in state.x509 seems to indicate they are already missing when fed into it. I think the change lies in module.x509 that no longer works on certificates without newlines.
I have a PR ready that fixes this. I will continue testing for breakage in my environment using that patch.
@sjorge seriously a big thank you to you for testing the RC and submitting PRs, you're awesome! Once your PR has been reviewed and merged feel free to close this issue or we will. Thanks!!
@Ch3LL Not sure there are any heavy SmartOS/Illumos environments out there :) I use a bit of everything, so a lot of stuff will be easy to spot once I upgrade.
@sjorge We've got that PR in so I'm going to go ahead and close this. You know what to do if this comes up again. ;] Thanks!
Description of Issue/Question
Fetching the CA from the mine function works fine on 2016.3.3; it breaks in get_pem_entry in 2016.11.0.rc1
Setup
fragment from role.certificate.authority:
common/certificate/config.jinja
common/certificate/macros.jinja
common/certificate/init.sls
Steps to Reproduce Issue
(Include debug logs if possible and relevant.)
2016.3.3:
2016.11.0rc1:
Versions Report
minion running 2016.3.3:
minion running 2016.11.0rc1: