Problem while revoking certificate #374

Closed
dsacchet opened this issue Mar 6, 2020 · 1 comment · Fixed by #375

dsacchet commented Mar 6, 2020

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: puppetserver 2.7.2-1puppetlabs1 / puppet-agent 5.5.18-1buster
  • Ruby: 2.5.1
  • Distribution: Debian Buster
  • Module version: master of 2020-03-05

How to reproduce (e.g Puppet code you use)

Node with simply

class profile::tool_vpndev (
) {

  class { '::openvpn': }
}

And the following hiera code

openvpn::servers:
 vpndev:
  country: 'FR'
  province: 'Lorraine'
  city: 'Nancy'
  organization: 'Test'
  email: '[email protected]'
  common_name: 'vpndev'
  dev: 'tun0'
  ipp: true
  local: "%{::ipaddress}"
  port: '1194'
  proto: 'tcp'
  status_log: 'vpndev-status.log'
  ssl_key_size: 4096
  topology: 'subnet'
  cipher: 'AES-256-CBC'
  persist_key: true
  persist_tun: true
  ldap_enabled: false
  server: '192.168.43.0 255.255.255.0'
  verb: '4'
  keepalive: '10 120'
  tls_auth: true
  tls_server: true
  ns_cert_type: false
  remote_cert_tls: true
  crl_verify: true
  crl_auto_renew: true
  push:
   - 'route-gateway 192.168.43.1'

openvpn::client_defaults:
 dev: 'tun'
 ns_cert_type: false
 remote_cert_tls: true
 tls_auth: true

openvpn::clients:
 test:
  server: 'vpndev'
  remote_host: 'xx.xx.xx.xx'
  expire: 365

Application

Info: Applying configuration version '1583484130'
Info: Computing checksum on file /etc/puppetlabs/puppet/ssl/crl.pem
Info: /Stage[main]/Certregen::Client/File[/etc/puppetlabs/puppet/ssl/crl.pem]: Filebucketed /etc/puppetlabs/puppet/ssl/crl.pem to puppet with sum 905a807988d78d139b47be371bb977b6
Notice: /Stage[main]/Certregen::Client/File[/etc/puppetlabs/puppet/ssl/crl.pem]/content: content changed '{md5}905a807988d78d139b47be371bb977b6' to '{md5}304af9bb009661691385af9ff519da0c'
Notice: /Stage[main]/Ssh::Known_hosts/Sshkey[tst-eparthui01-t02.dc06_rsa]/ensure: created
Info: Computing checksum on file /etc/ssh/ssh_known_hosts
Info: /Stage[main]/Ssh::Known_hosts/Sshkey[tst-eparthui01-t02.dc06_rsa]: Scheduling refresh of Exec[generate hashed known hosts]
Notice: /Stage[main]/Ssh::Known_hosts/Exec[generate hashed known hosts]: Triggered 'refresh' from 1 event
Notice: /Stage[main]/Ssh::Known_hosts/File[/etc/ssh/ssh_known_hosts_hashed]/mode: mode changed '0600' to '0664' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/File[/etc/openvpn/vpndev]/ensure: created (corrective)
Info: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/File[/etc/openvpn/vpndev]: Scheduling refresh of Service[openvpn@vpndev]
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/File[/etc/openvpn/vpndev/scripts]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/File[/etc/openvpn/vpndev/auth]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/File[/etc/openvpn/vpndev/client-configs]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/File[/etc/openvpn/vpndev/download-configs]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/File[/etc/openvpn/vpndev.conf]/ensure: defined content as '{md5}f01804b1289390aef70269e7cf0c732c' (corrective)
Info: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/File[/etc/openvpn/vpndev.conf]: Scheduling refresh of Service[openvpn@vpndev]
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/easyrsa]/ensure: defined content as '{md5}57bec2a3f4d47598d6c5574c6c38aa53' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/openssl-easyrsa.cnf]/ensure: defined content as '{md5}c441ca03287aad5823ed834a52015a3e' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/vars.example]/ensure: defined content as '{md5}239af4571b1a6a627ce0c522bff14346' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/x509-types]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/x509-types/COMMON]/ensure: defined content as '{md5}67d826b0d01b46c4bb442b749039b9dc' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/x509-types/ca]/ensure: defined content as '{md5}bdf6c4b1e71f502a768eda6e65e1ffbd' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/x509-types/client]/ensure: defined content as '{md5}84e917d7be5ee502148039694d5e579e' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/x509-types/code-signing]/ensure: defined content as '{md5}621ccf76427f001f4528af513222ad79' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/x509-types/server]/ensure: defined content as '{md5}d0d7a06379af67505bf5dae59d3e7afb' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/x509-types/serverClient]/ensure: defined content as '{md5}3b92ac8660e21b3d4bb0b765899c2a3d' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/revoked]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/vars]/ensure: defined content as '{md5}4bcd6c0fab7ddfefb27a581eff2d1f1b' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/openssl.cnf]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/Exec[initca vpndev]/returns: executed successfully (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/Exec[generate server cert vpndev]/returns: executed successfully (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/Exec[generate dh param vpndev]/returns: executed successfully (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/keys/ca.crt]/group: group changed 'root' to 'nogroup' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/keys/ca.crt]/mode: mode changed '0600' to '0640' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/Exec[create crl.pem on vpndev]/returns: executed successfully (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/keys]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/crl.pem]/mode: mode changed '0644' to '0640' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/Exec[generate tls key for vpndev]/returns: executed successfully (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/keys/crl.pem]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Service[openvpn@vpndev]: Triggered 'refresh' from 2 events
Notice: /Stage[main]/Openvpn/Openvpn::Client[test]/Exec[generate certificate for test in context of vpndev]/returns: executed successfully (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Client[test]/File[/etc/openvpn/vpndev/download-configs/test]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Client[test]/File[/etc/openvpn/vpndev/download-configs/test/keys]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Client[test]/File[/etc/openvpn/vpndev/download-configs/test/keys/test]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Client[test]/File[/etc/openvpn/vpndev/download-configs/test/keys/test/test.crt]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Client[test]/File[/etc/openvpn/vpndev/download-configs/test/keys/test/test.key]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Client[test]/File[/etc/openvpn/vpndev/download-configs/test/keys/test/ca.crt]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Client[test]/File[/etc/openvpn/vpndev/download-configs/test/keys/test/ta.key]/ensure: created (corrective)
Info: /Stage[main]/Openvpn/Openvpn::Client[test]/File[/etc/openvpn/vpndev/download-configs/test/keys/test/ta.key]: Scheduling refresh of Exec[tar the thing vpndev with test]
Notice: /Stage[main]/Openvpn/Openvpn::Client[test]/File[/etc/openvpn/vpndev/download-configs/test.tblk]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Client[test]/File[/etc/openvpn/vpndev/download-configs/test/test.conf]/ensure: defined content as '{md5}890fdbdf407d2fda2ca7cc138b5cf6bb' (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Client[test]/Concat[/etc/openvpn/vpndev/download-configs/test.ovpn]/File[/etc/openvpn/vpndev/download-configs/test.ovpn]/ensure: defined content as '{md5}072ae69a768eb16eddc690349c787e03' (corrective)
Info: Concat[/etc/openvpn/vpndev/download-configs/test.ovpn]: Scheduling refresh of Exec[tar the thing vpndev with test]
Notice: /Stage[main]/Openvpn/Openvpn::Client[test]/File[/etc/openvpn/vpndev/download-configs/test.tblk/test.ovpn]/ensure: created (corrective)
Notice: /Stage[main]/Openvpn/Openvpn::Client[test]/Exec[tar the thing vpndev with test]: Triggered 'refresh' from 2 events

What are you seeing

This initializes the server correctly and the client can connect without problems.

Then I want to test revoking a certificate so I add

openvpn::revokes:
 test:
  server: 'vpndev'

to hiera. With master code, I have the following error

Info: Applying configuration version '1583485036'
Notice: /Stage[main]/Openvpn/Openvpn::Revoke[test]/Exec[revoke certificate for test in context of vpndev]/returns: executed successfully
Info: /Stage[main]/Openvpn/Openvpn::Revoke[test]/Exec[revoke certificate for test in context of vpndev]: Scheduling refresh of Exec[renew crl.pem on test]
Error: Failed to apply catalog: Could not find schedule renew crl.pem schedule on test

I can fix this by changing revoke.pp line 51

schedule => "renew crl.pem schedule on ${server}",

But the easyrsa command is not correct

'3.0' => ". ./vars && ./easyrsa revoke --batch ${name}; echo \"exit $?\" | grep -qE '(error 23|exit (0|2))' && touch revoked/${name}",

The --batch option is a global option and must be placed before the command, so before revoke. The correct command is

'3.0' => ". ./vars && ./easyrsa --batch revoke ${name}; echo \"exit $?\" | grep -qE '(error 23|exit (0|2))' && touch revoked/${name}",

No more error, but the renewal of the crl is not scheduled

Info: Caching catalog for tool-vpndev01-p01.ncy
Info: Applying configuration version '1583496662'
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/revoked/test]/group: group changed 'root' to 'nogroup'
Notice: /Stage[main]/Openvpn/Openvpn::Server[vpndev]/Openvpn::Ca[vpndev]/File[/etc/openvpn/vpndev/easy-rsa/revoked/test]/mode: mode changed '0644' to '0750'
Notice: Applied catalog in 15.98 seconds

What behaviour did you expect instead

The corresponding certificate is revoked and the crl is regenerated.

Output log

Any additional information you'd like to impart
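
An added check, not part of the original issue or of the puppet-openvpn module: the second run above manages the `revoked/test` marker file without regenerating the CRL, so these shell functions cross-check each marker file against the CA database (`index.txt`) and flag a CRL that is older than that database. The `keys/index.txt` location, the `alice` client and all sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit that "revoked/<name>" marker files match the CA database.
# index.txt is the OpenSSL CA database that easy-rsa maintains; fields are
# tab-separated: status (V/R/E), expiry, revocation date, serial, file, subject.

# cert_status INDEX CN -> prints the status of the newest entry for CN,
# or "missing" when no entry has exactly that common name.
cert_status() {
    awk -F '\t' -v cn="$2" '
        {
            # Subject looks like /C=FR/O=Test/CN=test; match the CN exactly.
            n = split($6, parts, "/")
            for (i = 1; i <= n; i++)
                if (parts[i] == "CN=" cn) status = $1
        }
        END { print (status == "" ? "missing" : status) }
    ' "$1"
}

# audit_revocations REVOKED_DIR INDEX CRL
# Prints one finding per line and nothing when everything is consistent.
audit_revocations() {
    revoked_dir=$1 index=$2 crl=$3
    for marker in "$revoked_dir"/*; do
        [ -e "$marker" ] || continue
        cn=${marker##*/}
        st=$(cert_status "$index" "$cn")
        # A marker whose certificate is still valid means the revoke never ran.
        [ "$st" = R ] || echo "marker-without-revocation $cn status=$st"
    done
    if [ ! -s "$crl" ]; then
        echo "crl-missing $crl"
    elif [ -n "$(find "$index" -newer "$crl")" ]; then
        # The database changed after the CRL was written: the server still
        # accepts certificates revoked since then.
        echo "crl-stale $crl"
    fi
}

# make_sample DIR -> constructed sample data (not taken from a real CA).
make_sample() {
    mkdir -p "$1/revoked" "$1/keys"
    printf 'V\t300304090000Z\t\t01\tunknown\t/CN=vpndev\n' > "$1/keys/index.txt"
    printf 'V\t210306090000Z\t\t02\tunknown\t/CN=test\n' >> "$1/keys/index.txt"
    printf 'R\t210306090000Z\t200306100000Z\t03\tunknown\t/CN=alice\n' \
        >> "$1/keys/index.txt"
    : > "$1/revoked/test"
    : > "$1/revoked/alice"
    echo 'constructed placeholder, not a real CRL' > "$1/keys/crl.pem"
    touch -t 202003060800 "$1/keys/crl.pem"     # CRL written first
    touch -t 202003061000 "$1/keys/index.txt"   # database changed afterwards
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_revocations "$demo_dir/revoked" "$demo_dir/keys/index.txt" \
    "$demo_dir/keys/crl.pem"
rm -rf "$demo_dir"
```

On a real server, confirm the serial is listed in the CRL itself with `openssl crl -in crl.pem -noout -text`; the mtime comparison only shows that the CRL predates the last database change.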

Rubueno pushed a commit to Rubueno/puppet-openvpn that referenced this issue Mar 13, 2020
An issue was raised informing that the revocation command is incorrect.
This was diagnosed to indeed be the case. The exec for the crl renew was
updated to clarify which server it's done for.

Rubueno commented Mar 13, 2020

I've found the problem and am working on the solution

Rubueno pushed a commit to Rubueno/puppet-openvpn that referenced this issue Mar 13, 2020
An issue was raised informing that the revocation command is incorrect.
This was diagnosed to indeed be the case. The exec for the crl renew was
updated to clarify which server it's done for and to prevent duplicate
`exec` resource names.
Rubueno pushed a commit to Rubueno/puppet-openvpn that referenced this issue Mar 13, 2020
An issue was raised informing that the revocation command is incorrect.
This was diagnosed to indeed be the case. As the `$name` variable in
context of `revoke.pp` does not evaluate to `server name` but instead
`client name`. The exec for the crl renew was updated to clarify which server
it's done for and to prevent duplicate `exec` resource names.
Rubueno pushed a commit to Rubueno/puppet-openvpn that referenced this issue May 18, 2020
An issue was raised informing that the revocation command is incorrect.
This was diagnosed to indeed be the case. As the `$name` variable in
context of `revoke.pp` does not evaluate to `server name` but instead
`client name`. The exec for the crl renew was updated to clarify which server
it's done for and to prevent duplicate `exec` resource names.

`catch_changes` in the acceptance test was taken out because a crl renew
is triggered which is seen as a change.
bastelfreak added a commit that referenced this issue May 23, 2020
Fixes #374 - Revocation command update and crl renew
vanElden pushed a commit to vanElden/puppet-openvpn that referenced this issue Nov 10, 2020
An issue was raised informing that the revocation command is incorrect.
This was diagnosed to indeed be the case. As the `$name` variable in
context of `revoke.pp` does not evaluate to `server name` but instead
`client name`. The exec for the crl renew was updated to clarify which server
it's done for and to prevent duplicate `exec` resource names.

`catch_changes` in the acceptance test was taken out because a crl renew
is triggered which is seen as a change.