Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10377

Puppet-agent version 6.14.0 and file resource pulling from https source broken

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Duplicate
    • PUP 6.14.0
    • None
    • None
    • None
    • Needs Assessment
    • Needs Assessment

    Description

      We are currently installing puppet-agent via apt. Before the 6.14.0 release we were able to successfully use the file resource to pull from an https:// source. However, once we downloaded the latest release, this functionality broke for us. Specifically, this works with 6.13.0 and not 6.14.0.

      Example of the error with 6.14.0:

      2020-03-18T17:33:37Z ==> base-ami:oasis: Error: Failed to initialize SSL: The CA certificates are missing from '/etc/puppetlabs/puppet/ssl/certs/ca.pem'2020-03-18T17:33:37Z ==> base-ami:oasis: Error: Run `puppet agent -t`2020-03-18T17:33:37Z ==> base-ami:oasis: Error: Request to https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem failed after 0.001 seconds: The CA certificates are missing from '/etc/puppetlabs/puppet/ssl/certs/ca.pem'2020-03-18T17:33:37Z ==> base-ami:oasis: Wrapped exception:
      		 
       2020-03-18T17:33:37Z ==> base-ami:oasis: The CA certificates are missing from '/etc/puppetlabs/puppet/ssl/certs/ca.pem'2020-03-18T17:33:37Z ==> base-ami:oasis: Error: /Stage[main]/Aws_rds_ca/File[/usr/local/share/ca-certificates/aws-rds-combined-ca-bundle.crt]/ensure: change from 'absent' to 'file' failed: Request to https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem failed after 0.001 seconds: The CA certificates are missing from '/etc/puppetlabs/puppet/ssl/certs/ca.pem'

      Example of this working with 6.13.0:

      2020-03-18T18:36:05Z Notice: /Stage[main]/Aws_rds_ca/File[/usr/local/share/ca-certificates/aws-rds-combined-ca-bundle.crt]/ensure: defined content as '{mtime}2019-09-19 18:27:50 UTC'

      Puppet code:

      class aws_rds_ca {
      		 
          # https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL
      		 
          file
      		 
      { '/usr/local/share/ca-certificates/aws-rds-combined-ca-bundle.crt':         source => 'https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem',         owner  => 'root',         group  => 'root',         mode   => '0444',     }
      		 
      ->
      		 
          exec { 'update-ca-certificates': }
      		 
      }

       

      Is there a workaround for this now, or is this a bug?

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. PUP-10365 puppet agent unable to fetch file from https source - Error: certificate verify failed

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              espey Erin
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support