Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-2516

Delete a clients certificate with HTTP API no longer working

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Duplicate
    • Affects Version/s: PUP 3.5.1
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Template:

      Description

      When deploying openvz images, we use a init-script to delete puppets ssl directory on the client and then run curl to deletes the clients certificate from the puppet server:

      curl -k -X DELETE -H "Accept: pson" "https://puppet.example.com:8140/production/certificate_status/client.examle.com"
      

      After upgrading to puppet 3.5.1 this stopped working, I have read that I need to revoke the certificate first and that works:

      curl -k -X PUT -H "Content-Type: text/pson" --data '{"desired_state":"revoked"}' https://puppet.example.com:8140/production/certificate_status/client.example.com
      

      I have verified that the certificate gets revoked on the server:

      [root@puppet ~]# puppet cert list client.example.com
      - "client.example.com" (SHA256) A9:FD:2D:C3:E4:7C:84:12:9C:D0:B2:4C:F2:81:AB:A0:BE:9C:A4:40:A7:8E:4A:6A:D8:E0:A4:D7:10:A9:4B:E2 (certificate revoked)
      

      After this, the documentation says that I should run the DELETE command described above but that fails (using | sed for readability):

      curl -k -X DELETE -H "Accept: pson" https://puppet.example.com:8140/production/certificate_status/client.example.com | sed 's/,/\n/g'
      {"issue_kind":"RUNTIME_ERROR"
      "message":"Server Error: undefined method `each' for nil:NilClass"
      "stacktrace":["/usr/lib/ruby/site_ruby/1.8/puppet/network/http/route.rb:72:in `process'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:63:in `process'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler/none.rb:6:in `profile'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler.rb:43:in `profile'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:61:in `process'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick/rest.rb:31:in `service'"
      "/usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'"
      "/usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:36:in `listen'"
      "/usr/lib/ruby/1.8/webrick/server.rb:173:in `call'"
      "/usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'"
      "/usr/lib/ruby/1.8/webrick/server.rb:162:in `start'"
      "/usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'"
      "/usr/lib/ruby/1.8/webrick/server.rb:95:in `start'"
      "/usr/lib/ruby/1.8/webrick/server.rb:92:in `each'"
      "/usr/lib/ruby/1.8/webrick/server.rb:92:in `start'"
      "/usr/lib/ruby/1.8/webrick/server.rb:23:in `start'"
      "/usr/lib/ruby/1.8/webrick/server.rb:82:in `start'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:30:in `listen'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in `initialize'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in `new'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in `listen'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:27:in `start'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:139:in `start'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:284:in `start_webrick_master'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:200:in `main'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:160:in `run_command'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:479:in `plugin_hook'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:479:in `exit_on_fail'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/context.rb:51:in `override'"
      "/usr/lib/ruby/site_ruby/1.8/puppet.rb:233:in `override'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:362:in `run'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:137:in `run'"
      "/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:91:in `execute'"
      "/usr/bin/puppet:4"]}
      

      Running the puppet master in debug:

      [root@puppet ~]# puppet master --no-daemonize --debug --verbose
      [...]
      Notice: Starting Puppet master version 3.5.1
      [...]
      Debug: Routes Registered:
      Debug: Route /^\/v2\.0/
      Debug: Route /.*/
      Debug: Evaluating match for Route /^\/v2\.0/
      Debug: Did not match path ("/production/certificate_status/client.example.com")
      Debug: Evaluating match for Route /.*/
      Error: Server Error: undefined method `each' for nil:NilClass
      

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  tmartensson Thomas Martensson
                • Votes:
                  1 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: