Issue #3044 has been updated by James Turnbull. Status changed from Unreviewed to Needs more information
Have you tried this with 0.25.x? I think you'll find its cleaner. ---------------------------------------- Bug #3044: unhelpful error message when ca.pem is missing http://projects.reductivelabs.com/issues/3044 Author: Kurt Keller Status: Needs more information Priority: Low Assigned to: Category: error reporting Target version: Affected version: 0.24.8 Keywords: Branch: When trying to fit our client systems with valid puppet certificates upon OS installation, I ran into a problem. Finally found the cause (CA certificate not installed). As I'm not fluent enough in ruby to understand what is going on in that part of the code, a more informative error message would have helped and saved a lot of time. Maybe other people stumble over the same problem. The following patch (against puppet 0.24.8) gives the information which would have helped (me) a lot. I guess you would like to have it done differently (e.g. log entry and graceful shutdown or so), but I don't know how to do that. <pre> --- puppet/network/http_pool.rb 2010-01-13 14:08:51.000000000 +0000 +++ puppet/network/http_pool.rb.new 2010-01-13 14:09:16.000000000 +0000 @@ -47,7 +47,12 @@ return false unless (defined?(@cert) and @cert) or self.read_cert store = OpenSSL::X509::Store.new - store.add_file Puppet[:localcacert] + begin + store.add_file Puppet[:localcacert] + rescue => ex + puts "CA certificate (%s) unreadable" % Puppet[:localcacert], ex + raise ex + end store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT http.cert_store = store </pre> output without the patch <pre> /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `add_file': system lib (OpenSSL::X509::StoreError) from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `cert_setup' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:101:in `http_instance' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/xmlrpc/client.rb:186:in `initialize' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `new' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `initialize' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client/master.rb:198:in `initialize' from /usr/sbin/puppetd:328:in `new' from /usr/sbin/puppetd:328 </pre> output with the patch <pre> CA certificate (/var/lib/puppet/ssl/certs/ca.pem) unreadable /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:51:in `add_file': system lib (OpenSSL::X509::StoreError) from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:51:in `cert_setup' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:106:in `http_instance' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/xmlrpc/client.rb:186:in `initialize' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `new' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `initialize' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client/master.rb:198:in `initialize' from /usr/sbin/puppetd:328:in `new' from /usr/sbin/puppetd:328 </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
