Details
-
Bug
-
Status: Closed
-
Normal
-
Resolution: Incomplete
-
PUP 3.8.7
-
None
-
CentOS 7.2, latest
-
Coremunity
-
Needs Assessment
Description
We are trying to deploy an instance centos that uses puppet to install and configure services. We use puppet apply to setup and configure the system until passenger is available to serve responses from apache.
We receive the following error
Error: Failed to apply catalog: Parameter ca failed on Ca[katello-server-ca]: Expected Ca resource at /etc/puppet/modules/certs/manifests/init.pp:167
|
Running this code with puppet agent fails, however a puppet apply works as expected.
The failure is perplexing. This code is verbatim from upstream katello so it is widely used. The failure is repeatable.
To reproduce this issue;
1. We install and configure networking on a bare CentOS host from an ISO.
2. Yum update.
3. sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
4. yum install puppetserver
5. puppet module install katello-certs –verbose
output:
Notice: Preparing to install into /etc/puppet/modules ...
|
Notice: Downloading from https://forgeapi.puppetlabs.com ...
|
Info: Resolving dependencies ...
|
Info: Preparing to install ...
|
Notice: Installing -- do not interrupt ...
|
/etc/puppet/modules
|
└─┬ katello-certs (v0.7.2)
|
├─┬ evenup-trusted_ca (v1.99.0)
|
│ └── puppetlabs-stdlib (v4.13.1)
|
├── katello-common (v0.2.0)
|
├── puppet-extlib (v0.11.3)
|
├── puppetlabs-concat (v2.2.0)
|
└─┬ theforeman-foreman (v6.0.0)
|
├── puppetlabs-apache (v1.10.0)
|
├── puppetlabs-apt (v2.3.0)
|
├── puppetlabs-postgresql (v4.8.0)
|
└─┬ theforeman-tftp (v1.8.2)
|
└── puppetlabs-xinetd (v2.0.0)
|
6. Configure dnsmasq locally to point the names ‘foreman’ and ‘puppet’ to 127.0.0.1.
7. Configure manifest
# cat <<EOF >> /etc/puppet/manifests/site.pp
|
node puppet {
|
class{ 'certs':
|
}
|
}
|
8. Systemctl start puppetserver
9. Puppet agent–t –debug –trace
Output
...snip...
|
Debug: /File[/etc/pki/katello/private/katello-default-ca.pwd]/seltype: Found seltype default 'cert_t' for /etc/pki/katello/private/katello-default-ca.pwd
|
Debug: /File[/etc/pki/katello/private/katello-default-ca.pwd]/selrange: Found selrange default 's0' for /etc/pki/katello/private/katello-default-ca.pwd
|
*Error: Failed to apply catalog: Parameter ca failed on Ca[katello-server-ca]: Expected Ca resource at /etc/puppet/modules/certs/manifests/init.pp:167*
|
/var/lib/puppet/lib/puppet/type/certs_common.rb:44:in `block (3 levels) in <module:Certs>'
|
/usr/share/ruby/vendor_ruby/puppet/parameter.rb:465:in `validate'
|
/usr/share/ruby/vendor_ruby/puppet/parameter.rb:500:in `value='
|
/usr/share/ruby/vendor_ruby/puppet/type.rb:654:in `[]='
|
/usr/share/ruby/vendor_ruby/puppet/type.rb:2272:in `block in set_parameters'
|
...snip...
|
Specific questions to IRC at #theforeman, #theforeman-dev and theforeman@googlegroups has yielded no response.
I suspect it is a puppet language/ruby issue whereby the parameter 'ca' is not of the type Puppet::Resource for an agent run but is for an apply?
More generally, we are invoking classes in the style of katello-answers.yaml to install and configure other components. Which works well with puppet apply, however fails with puppet agent. The above instructions are to reproduce the issue we experience.
