On Tuesday, May 6, 2014 1:31:48 PM UTC+2, Thomas wrote: > > When deploying openvz images, we use a init-script to delete puppets ssl > directory and then run a curl that deletes the certificate from the puppet > server: > curl -k -X DELETE -H "Accept: pson" " > https://puppet.example.com:8140/production/certificate_status/client.examle.com > ". > > After upgrading to puppet 3.5.1 this stopped working, I have read that I > need to revoke the certificate first and that works: > curl -k -X PUT -H "Content-Type: text/pson" --data > '{"desired_state":"revoked"}' > https://puppet.example.com:8140/production/certificate_status/client.example.com > > I have verified that the certificate gets revoked on the server: > [root@puppet ~]# puppet cert list client.example.com > - "client.example.com" (SHA256) > A9:FD:2D:C3:E4:7C:84:12:9C:D0:B2:4C:F2:81:AB:A0:BE:9C:A4:40:A7:8E:4A:6A:D8:E0:A4:D7:10:A9:4B:E2 > > (certificate revoked) > > After this, the documentation says that I should run the DELETE command > described above but that fails (using | sed for readability): > curl -k -X DELETE -H "Accept: pson" > https://puppet.example.com:8140/production/certificate_status/client.example.com<https://puppet.example.com:8140/production/certificate_status/work-reduce203.trioptima.com>| > sed 's/,/\n/g' > {"issue_kind":"RUNTIME_ERROR" > "message":"Server Error: undefined method `each' for nil:NilClass" > "stacktrace":["/usr/lib/ruby/site_ruby/1.8/puppet/network/http/route.rb:72:in > `process'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:63:in > `process'" > "/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler/none.rb:6:in `profile'" > "/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler.rb:43:in `profile'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:61:in > `process'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick/rest.rb:31:in > `service'" > "/usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'" > "/usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:36:in `listen'" > "/usr/lib/ruby/1.8/webrick/server.rb:173:in `call'" > "/usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'" > "/usr/lib/ruby/1.8/webrick/server.rb:162:in `start'" > "/usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'" > "/usr/lib/ruby/1.8/webrick/server.rb:95:in `start'" > "/usr/lib/ruby/1.8/webrick/server.rb:92:in `each'" > "/usr/lib/ruby/1.8/webrick/server.rb:92:in `start'" > "/usr/lib/ruby/1.8/webrick/server.rb:23:in `start'" > "/usr/lib/ruby/1.8/webrick/server.rb:82:in `start'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:30:in `listen'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in > `initialize'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in `new'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in `listen'" > "/usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:27:in `start'" > "/usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:139:in `start'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:284:in > `start_webrick_master'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:200:in `main'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:160:in > `run_command'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:479:in `plugin_hook'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'" > "/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:479:in `exit_on_fail'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'" > "/usr/lib/ruby/site_ruby/1.8/puppet/context.rb:51:in `override'" > "/usr/lib/ruby/site_ruby/1.8/puppet.rb:233:in `override'" > "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:362:in `run'" > "/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:137:in `run'" > "/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:91:in `execute'" > "/usr/bin/puppet:4"]} > > Running the puppet master in debug: > [root@puppet ~]# puppet master --no-daemonize --debug --verbose > [...] > Notice: Starting Puppet master version 3.5.1 > [...] > Debug: Routes Registered: > Debug: Route /^\/v2\.0/ > Debug: Route /.*/ > Debug: Evaluating match for Route /^\/v2\.0/ > Debug: Did not match path ("/production/certificate_status/ > client.example.com") > Debug: Evaluating match for Route /.*/ > Error: Server Error: undefined method `each' for nil:NilClass > > Any hints? >
Adding DELETE in, as suggested by Paul Beltrani in issue PUP-2516<https://tickets.puppetlabs.com/browse/PUP-2516>, /usr/lib/ruby/site_ruby/1.8/puppet/network/http/route.rb (CentOS 6) solved the issue for me. @@ -16,7 +16,8 @@ :HEAD => [MethodNotAllowedHandler], :OPTIONS => [MethodNotAllowedHandler], :POST => [MethodNotAllowedHandler],- :PUT => [MethodNotAllowedHandler]+ :PUT => [MethodNotAllowedHandler],+ :DELETE => [MethodNotAllowedHandler] } @chained = [] end Now I can delete the certificate on the puppet master from the client using curl: [root@client ~]# curl -k -X DELETE -H "Accept: pson" https://puppet.example.com:8140/production/certificate_status/client.example.com "Deleted for client.example.com: Puppet::SSL::Certificate" [root@client ~]# -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0c8cffa5-5b76-4835-92a3-cd0e35456d50%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
