Issue #3044 has been reported by Kurt Keller.

----------------------------------------
Bug #3044: unhelpful error message when ca.pem is missing
http://projects.reductivelabs.com/issues/3044
Author: Kurt Keller
Status: Unreviewed
Priority: Low
Assigned to:
Category: error reporting
Target version:
Affected version: 0.24.8
Keywords:
Branch:

When trying to fit our client systems with valid puppet certificates upon OS
installation, I ran into a problem. Finally found the cause (CA certificate not
installed). As I'm not fluent enough in ruby to understand what is going on in
that part of the code, a more informative error message would have helped and
saved a lot of time. Maybe other people stumble over the same problem.

The following patch (against puppet 0.24.8) gives the information which would
have helped (me) a lot. I guess you would like to have it done differently
(e.g. log entry and graceful shutdown or so), but I don't know how to do that.

<pre>
--- puppet/network/http_pool.rb 2010-01-13 14:08:51.000000000 +0000
+++ puppet/network/http_pool.rb.new 2010-01-13 14:09:16.000000000 +0000
@@ -47,7 +47,12 @@
return false unless (defined?(@cert) and @cert) or self.read_cert
store = OpenSSL::X509::Store.new
- store.add_file Puppet[:localcacert]
+ begin
+ store.add_file Puppet[:localcacert]
+ rescue => ex
+ puts "CA certificate (%s) unreadable" % Puppet[:localcacert], ex
+ raise ex
+ end
store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
http.cert_store = store
</pre>
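Review bot: the `puts` in the new `rescue => ex` block writes to stdout, so the path hint is lost whenever puppetd runs daemonized or logs to syslog; report it through Puppet's logger (for example `Puppet.err`) or fold the path into the message of the raised exception instead. The bare `rescue => ex` also labels every StandardError from `store.add_file` as "unreadable", while the trace in this report shows the failure is `OpenSSL::X509::StoreError` and the reported cause was a missing file; rescuing that class and wording the message as "missing or unreadable" would be more accurate. Keep the re-raise (a plain `raise` is enough), so that `cert_setup` never reaches `http.cert_store = store` with an empty trust store.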
output without the patch
<pre>
/usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `add_file': system lib (OpenSSL::X509::StoreError)
from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `cert_setup'
from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:101:in `http_instance'
from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/xmlrpc/client.rb:186:in `initialize'
from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `new'
from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `initialize'
from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client/master.rb:198:in `initialize'
from /usr/sbin/puppetd:328:in `new'
from /usr/sbin/puppetd:328
</pre>
output with the patch
<pre>
CA certificate (/var/lib/puppet/ssl/certs/ca.pem) unreadable
/usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:51:in `add_file': system lib (OpenSSL::X509::StoreError)
from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:51:in `cert_setup'
from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:106:in `http_instance'
from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/xmlrpc/client.rb:186:in `initialize'
from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `new'
from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `initialize'
from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client/master.rb:198:in `initialize'
from /usr/sbin/puppetd:328:in `new'
from /usr/sbin/puppetd:328
</pre>
