Please review pull request #83: (#12476) Add context to install.rake exceptions opened by (adrienthebo)

Description:

Tasks inside lib/tasks/install.rake could throw SocketErrors when
attempting to contact the CA server, and those errors did not give
sufficient context as to what connection was failing. This could lead to
the ultimately unhelpful state of

(in /opt/puppet/share/puppet-dashboard)
rake aborted!
getaddrinfo: Name or service not known

This adds exception handling that will add the relevant context to the
exception and re-raise it. In this case, we would get

(in /opt/puppet/share/puppet-dashboard)
rake aborted!
Unable to contact ca_server example.unreachable.foo: getaddrinfo: Name or service not known

So when the task fails, there's a clear explanation for what exactly is
failing.

  • Opened: Wed Feb 08 04:08:31 UTC 2012
  • Based on: puppetlabs:master (7695abdf9d7b09e446dae9d6f7a4521e4a1837a0)
  • Requested merge: adrienthebo:ticket/master/12476-exception_handling_on_ca_server_unreachable (4dca8046f6d9b297c39fd79fc6ee53a6ac76d0af)

Diff follows:

diff --git a/lib/tasks/install.rake b/lib/tasks/install.rake
index a388427..8d5e9b6 100644
--- a/lib/tasks/install.rake
+++ b/lib/tasks/install.rake
@@ -46,8 +46,12 @@ namespace :cert do
     cert_req.public_key = key.public_key
     cert_req.sign(key, OpenSSL::Digest::MD5.new)
 
-    PuppetHttps.put("https://#{SETTINGS.ca_server}:#{SETTINGS.ca_port}/production/certificate_request/#{CGI::escape(SETTINGS.cn_name)}",
-                    'text/plain', cert_req.to_s, false)
+    begin
+      PuppetHttps.put("https://#{SETTINGS.ca_server}:#{SETTINGS.ca_port}/production/certificate_request/#{CGI::escape(SETTINGS.cn_name)}",
+                      'text/plain', cert_req.to_s, false)
+    rescue SocketError => e
+      raise SocketError, "Unable to contact CA server #{SETTINGS.ca_server}: #{e.message}"
+    end
   end
 
   desc "Retrieve a certificate from the Puppet Master"
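Review bot: The new `rescue SocketError` around `PuppetHttps.put` covers name-resolution failures only; a CA server that resolves but refuses the connection raises an `Errno::*` error (a `SystemCallError`), which is not a `SocketError`, so that case still aborts without naming the host. Consider `rescue SocketError, SystemCallError => e`, put the port in the message (`#{SETTINGS.ca_server}:#{SETTINGS.ca_port}`), and pass `e.backtrace` as the third argument to `raise` so the original trace is kept. The same applies to the rescue added in the second hunk. Separately, the unchanged line above still signs the request with `OpenSSL::Digest::MD5`; moving to a SHA-2 digest is worth a follow-up if the CA accepts it. The task body starts outside this hunk.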
@@ -55,25 +59,29 @@ namespace :cert do
     require 'openssl'
     require 'puppet_https'
     require 'cgi'
-    cert_s = PuppetHttps.get("https://#{SETTINGS.ca_server}:#{SETTINGS.ca_port}/production/certificate/#{CGI::escape(SETTINGS.cn_name)}", 's', false)
-    cert = OpenSSL::X509::Certificate.new(cert_s)
-    key = OpenSSL::PKey::RSA.new(File.read(SETTINGS.public_key_path))
-    raise "Certificate doesn't match key" unless cert.public_key.to_s == key.to_s
-    FileUtils.mkdir_p(File.dirname(SETTINGS.certificate_path))
-    File.open(SETTINGS.certificate_path, 'w') do |file|
-      file.print cert_s
-    end
+    begin
+      cert_s = PuppetHttps.get("https://#{SETTINGS.ca_server}:#{SETTINGS.ca_port}/production/certificate/#{CGI::escape(SETTINGS.cn_name)}", 's', false)
+      cert = OpenSSL::X509::Certificate.new(cert_s)
+      key = OpenSSL::PKey::RSA.new(File.read(SETTINGS.public_key_path))
+      raise "Certificate doesn't match key" unless cert.public_key.to_s == key.to_s
+      FileUtils.mkdir_p(File.dirname(SETTINGS.certificate_path))
+      File.open(SETTINGS.certificate_path, 'w') do |file|
+        file.print cert_s
+      end
 
-    ca_cert_s = PuppetHttps.get("https://#{SETTINGS.ca_server}:#{SETTINGS.ca_port}/production/certificate/ca", 's', false)
-    ca_cert = OpenSSL::X509::Certificate.new(ca_cert_s)
-    raise "Certificate isn't signed by CA" unless cert.verify(ca_cert.public_key)
-    File.open(SETTINGS.ca_certificate_path, 'w') do |file|
-      file.print ca_cert_s
-    end
+      ca_cert_s = PuppetHttps.get("https://#{SETTINGS.ca_server}:#{SETTINGS.ca_port}/production/certificate/ca", 's', false)
+      ca_cert = OpenSSL::X509::Certificate.new(ca_cert_s)
+      raise "Certificate isn't signed by CA" unless cert.verify(ca_cert.public_key)
+      File.open(SETTINGS.ca_certificate_path, 'w') do |file|
+        file.print ca_cert_s
+      end
 
-    ca_crl_s = PuppetHttps.get("https://#{SETTINGS.ca_server}:#{SETTINGS.ca_port}/production/certificate_revocation_list/ca", 's')
-    File.open(SETTINGS.ca_crl_path, 'w') do |file|
-      file.print ca_crl_s
+      ca_crl_s = PuppetHttps.get("https://#{SETTINGS.ca_server}:#{SETTINGS.ca_port}/production/certificate_revocation_list/ca", 's')
+      File.open(SETTINGS.ca_crl_path, 'w') do |file|
+        file.print ca_crl_s
+      end
+    rescue SocketError => e
+      raise SocketError, "Unable to contact CA server #{SETTINGS.ca_server}: #{e.message}"
     end
   end
 end
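Review bot: Inside the new `begin` block the fetched certificate is written to `SETTINGS.certificate_path` before `cert.verify(ca_cert.public_key)` runs, so a certificate that fails the "isn't signed by CA" check is left on disk when the task aborts. Move the `File.open(SETTINGS.certificate_path, 'w')` write below the `raise "Certificate isn't signed by CA"` line so that only a verified certificate is persisted. The CA certificate used for that check comes from the same server via `PuppetHttps.get(..., 's', false)`; if the `false` argument disables peer authentication (not visible here), the check only shows that the two downloads are consistent, which deserves a comment such as `# CA cert is trusted on first fetch; confirm its fingerprint out of band`. The task definition begins outside this hunk.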

    
