puppet-puppetserver

Puppetserver >= 6.5 does have issues with Augeas Trapperkeeper lens

Open keachi opened this issue 5 years ago • 0 comments

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 6.4.2
  • Puppetserver: 6.8.0
  • Ruby: 2.5.3p105
  • Distribution: RHEL 7.7
  • Module version: 3.0.1

How to reproduce (e.g. Puppet code you use)

class nc_puppetserver::puppetserver (
  String $version = '6.8.0',
  String $java_xms = '3g',
  String $java_xmx = '3g',
) {
  ensure_resource('file', '/usr/share/augeas/lenses/dist', {'ensure' => 'directory'})

  file { 'trapperkeeper_lens_link':
    ensure  => link,
    path    => '/usr/share/augeas/lenses/dist/trapperkeeper.aug',
    target  => '/opt/puppetlabs/puppet/share/augeas/lenses/trapperkeeper.aug',
    before  => Class['puppetserver'],
    require => File['/usr/share/augeas/lenses/dist'],
  }

  class { '::puppetserver':
    version       => $version,
    config        => deep_merge(
      'java_args' => {
        'xms' => $java_xms,
        'xmx' => $java_xmx,
      },
      'webserver' => {
        'ssl-port' => '8140',
      }
    )
  }
}

What are you seeing

Error: /Stage[main]/Puppetserver::Config/Puppetserver::Config::Helper[webserver/ssl-port]/Puppetserver::Config::Puppetserver[webserver.conf/webserver/ssl-port]/Puppetserver_config[/etc/puppetlabs/puppetserver/conf.d/webserver.conf/webserver/ssl-port]: Could not evaluate: Augeas didn't load /etc/puppetlabs/puppetserver/conf.d/webserver.conf with Trapperkeeper.lns from /opt/puppetlabs/puppet/cache/lib/augeas/lenses: Syntax error (line:7, character:18)

What behaviour did you expect instead

It should apply the catalog without any issues. The catalog worked up to Puppetserver 6.4.0 without any issues.

Output log

Error: /Stage[main]/Puppetserver::Config/Puppetserver::Config::Helper[webserver/ssl-port]/Puppetserver::Config::Puppetserver[webserver.conf/webserver/ssl-port]/Puppetserver_config[/etc/puppetlabs/puppetserver/conf.d/webserver.conf/webserver/ssl-port]: Could not evaluate: Augeas didn't load /etc/puppetlabs/puppetserver/conf.d/webserver.conf with Trapperkeeper.lns from /opt/puppetlabs/puppet/cache/lib/augeas/lenses: Syntax error (line:7, character:18)

Any additional information you'd like to impart

With the upgrade of the Puppetserver to 6.8.0, the configuration file /etc/puppetlabs/puppetserver/conf.d/webserver.conf has changed. With version 6.8.0 there are cipher-suites configured, while in 6.4.0 there were no cipher-suites configured. If I remove them, the Puppet run applies without issues. I guess that the Trapperkeeper.lns has an issue with the format in which the cipher-suites are written.

webserver: {
    access-log-config: /etc/puppetlabs/puppetserver/request-logging.xml
    client-auth: want
    ssl-host: 0.0.0.0
    ssl-port: 8140

    cipher-suites: [
        "SSL_CK_DES_192_EDE3_CBC_WITH_SHA"
        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
        [...]
    ]
}

Removing the configuration option cipher-suites with all its content helps with this issue.

keachi, Jan 22 '20 13:01
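An added example, not part of the original issue or the module's code: a small Ruby helper that maps the line number in the Augeas error back to the posted webserver.conf, showing which key the lens stopped on. The helper names are hypothetical, and the sample config assumes the blank line after ssl-port is present in the real file as it is in the post.

```ruby
# Added example: helper and constant names are hypothetical.
AUGEAS_ERR = /Augeas didn't load (?<file>\S+) with (?<lens>\S+) from \S+: Syntax error \(line:(?<line>\d+), character:(?<char>\d+)\)/

# Error text as quoted in the issue (resource path prefix omitted).
SAMPLE_ERROR = "Could not evaluate: Augeas didn't load " \
  "/etc/puppetlabs/puppetserver/conf.d/webserver.conf with Trapperkeeper.lns " \
  "from /opt/puppetlabs/puppet/cache/lib/augeas/lenses: Syntax error (line:7, character:18)"

# webserver.conf as posted in the issue, elision kept as-is.
SAMPLE_CONF = <<~CONF
  webserver: {
      access-log-config: /etc/puppetlabs/puppetserver/request-logging.xml
      client-auth: want
      ssl-host: 0.0.0.0
      ssl-port: 8140

      cipher-suites: [
          "SSL_CK_DES_192_EDE3_CBC_WITH_SHA"
          "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
          [...]
      ]
  }
CONF

# Extract file, lens and position from a Puppet/Augeas load failure message.
def parse_augeas_error(message)
  m = AUGEAS_ERR.match(message)
  return nil unless m
  { file: m[:file], lens: m[:lens], line: m[:line].to_i, char: m[:char].to_i }
end

# Return the text at the reported (1-based) line, the key that starts there,
# and whether that line opens a multi-line array value.
def locate(config_text, line_no)
  lines = config_text.lines.map(&:chomp)
  return nil unless line_no.between?(1, lines.length)
  text = lines[line_no - 1]
  { text: text,
    key: text[/^\s*([\w-]+)\s*[:=]/, 1],
    opens_array: text.rstrip.end_with?('[') }
end

if __FILE__ == $PROGRAM_NAME
  err = parse_augeas_error(SAMPLE_ERROR)
  hit = locate(SAMPLE_CONF, err[:line])
  puts "#{err[:lens]} failed in #{err[:file]} at line #{err[:line]}: #{hit[:text].strip}"
  puts "key=#{hit[:key]} opens_array=#{hit[:opens_array]}"
end
```

On the posted file, the reported line is the one that opens the cipher-suites array, which matches the observation that removing that option lets the run apply.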