Issue #3044 has been updated by Kurt Keller.
Unfortunately I don't have the possibility to setup an 0.25 environment. >From what I can see in the git repository, at least this should not spew out >these kind of ruby errors, as existence of the certificate is checked for: <pre> # Just no-op if we don't have certs. return false unless FileTest.exist?(Puppet[:hostcert]) and FileTest.exist?(Puppet[:localcacert]) </pre> There are still lots of 0.24.8 installations; e.g. the latest Fedora still uses 0.24.8 in its repository, which means also Red Hat 6 (based on Fedora 12) will, if puppet is included, use this version. Thus it might make sense to add the 'beautifix' in 0.24.8. ---------------------------------------- Bug #3044: unhelpful error message when ca.pem is missing http://projects.reductivelabs.com/issues/3044 Author: Kurt Keller Status: Needs more information Priority: Low Assigned to: Category: error reporting Target version: Affected version: 0.24.8 Keywords: Branch: When trying to fit our client systems with valid puppet certificates upon OS installation, I ran into a problem. Finally found the cause (CA certificate not installed). As I'm not fluent enough in ruby to understand what is going on in that part of the code, a more informative error message would have helped and saved a lot of time. Maybe other people stumble over the same problem. The following patch (against puppet 0.24.8) gives the information which would have helped (me) a lot. I guess you would like to have it done differently (e.g. log entry and graceful shutdown or so), but I don't know how to do that. <pre> --- puppet/network/http_pool.rb 2010-01-13 14:08:51.000000000 +0000 +++ puppet/network/http_pool.rb.new 2010-01-13 14:09:16.000000000 +0000 @@ -47,7 +47,12 @@ return false unless (defined?(@cert) and @cert) or self.read_cert store = OpenSSL::X509::Store.new - store.add_file Puppet[:localcacert] + begin + store.add_file Puppet[:localcacert] + rescue => ex + puts "CA certificate (%s) unreadable" % Puppet[:localcacert], ex + raise ex + end store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT http.cert_store = store </pre> output without the patch <pre> /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `add_file': system lib (OpenSSL::X509::StoreError) from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:50:in `cert_setup' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:101:in `http_instance' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/xmlrpc/client.rb:186:in `initialize' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `new' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `initialize' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client/master.rb:198:in `initialize' from /usr/sbin/puppetd:328:in `new' from /usr/sbin/puppetd:328 </pre> output with the patch <pre> CA certificate (/var/lib/puppet/ssl/certs/ca.pem) unreadable /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:51:in `add_file': system lib (OpenSSL::X509::StoreError) from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:51:in `cert_setup' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/http_pool.rb:106:in `http_instance' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/xmlrpc/client.rb:186:in `initialize' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `new' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client.rb:94:in `initialize' from /usr/local/puppet/lib64/ruby/site_ruby/1.8/puppet/network/client/master.rb:198:in `initialize' from /usr/sbin/puppetd:328:in `new' from /usr/sbin/puppetd:328 </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
