When deploying openvz images, we use a init-script to delete puppets ssl
directory and then run a curl that deletes the certificate from the puppet
server:
curl -k -X DELETE -H "Accept: pson"
"https://puppet.example.com:8140/production/certificate_status/client.examle.com";.
After upgrading to puppet 3.5.1 this stopped working, I have read that I
need to revoke the certificate first and that works:
curl -k -X PUT -H "Content-Type: text/pson" --data
'{"desired_state":"revoked"}'
https://puppet.example.com:8140/production/certificate_status/client.example.com
I have verified that the certificate gets revoked on the server:
[root@puppet ~]# puppet cert list client.example.com
- "client.example.com" (SHA256)
A9:FD:2D:C3:E4:7C:84:12:9C:D0:B2:4C:F2:81:AB:A0:BE:9C:A4:40:A7:8E:4A:6A:D8:E0:A4:D7:10:A9:4B:E2
(certificate revoked)
After this, the documentation says that I should run the DELETE command
described above but that fails (using | sed for readability):
curl -k -X DELETE -H "Accept: pson"
https://puppet.example.com:8140/production/certificate_status/work-reduce203.trioptima.com
| sed 's/,/\n/g'
{"issue_kind":"RUNTIME_ERROR"
"message":"Server Error: undefined method `each' for nil:NilClass"
"stacktrace":["/usr/lib/ruby/site_ruby/1.8/puppet/network/http/route.rb:72:in
`process'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:63:in `process'"
"/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler/none.rb:6:in `profile'"
"/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler.rb:43:in `profile'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:61:in `process'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick/rest.rb:31:in
`service'"
"/usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'"
"/usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:36:in `listen'"
"/usr/lib/ruby/1.8/webrick/server.rb:173:in `call'"
"/usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'"
"/usr/lib/ruby/1.8/webrick/server.rb:162:in `start'"
"/usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'"
"/usr/lib/ruby/1.8/webrick/server.rb:95:in `start'"
"/usr/lib/ruby/1.8/webrick/server.rb:92:in `each'"
"/usr/lib/ruby/1.8/webrick/server.rb:92:in `start'"
"/usr/lib/ruby/1.8/webrick/server.rb:23:in `start'"
"/usr/lib/ruby/1.8/webrick/server.rb:82:in `start'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:30:in `listen'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in
`initialize'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in `new'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in `listen'"
"/usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:27:in `start'"
"/usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:139:in `start'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:284:in
`start_webrick_master'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:200:in `main'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:160:in
`run_command'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:479:in `plugin_hook'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'"
"/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:479:in `exit_on_fail'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'"
"/usr/lib/ruby/site_ruby/1.8/puppet/context.rb:51:in `override'"
"/usr/lib/ruby/site_ruby/1.8/puppet.rb:233:in `override'"
"/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:362:in `run'"
"/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:137:in `run'"
"/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:91:in `execute'"
"/usr/bin/puppet:4"]}
Running the puppet master in debug:
[root@puppet ~]# puppet master --no-daemonize --debug --verbose
[...]
Notice: Starting Puppet master version 3.5.1
[...]
Debug: Routes Registered:
Debug: Route /^\/v2\.0/
Debug: Route /.*/
Debug: Evaluating match for Route /^\/v2\.0/
Debug: Did not match path
("/production/certificate_status/client.example.com")
Debug: Evaluating match for Route /.*/
Error: Server Error: undefined method `each' for nil:NilClass
Any hints?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/9d8aef00-8855-4190-a32d-3ae897217c22%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
